West Pharmaceutical Services Discloses Cyberattack with Data Theft and System Encryption
Pharmaceutical manufacturer West Pharmaceutical Services has disclosed a cyberattack that resulted in data exfiltration and system encryption, disrupting global operations.
West Pharmaceutical Services, a major S&P 500 pharmaceutical manufacturer, disclosed on May 7, 2026, that it suffered a cyberattack involving data theft and system encryption. The company detected the intrusion on May 4 and immediately activated its incident response protocols, including taking systems offline globally to contain the breach.
The attack targeted West Pharmaceutical, which specializes in injectable drug packaging, syringe components, and drug delivery devices. With annual revenues exceeding $3 billion and over 10,800 employees worldwide, the company is a critical link in the pharmaceutical supply chain. The disruption forced the company to halt some manufacturing operations, though it has since partially restored production.
In a filing with the U.S. Securities and Exchange Commission (SEC), West Pharmaceutical stated that an unauthorized party exfiltrated data and encrypted certain systems. The company has not disclosed the type of data stolen or the extent of the encryption. An investigation is underway to determine the full scope of the incident.
West Pharmaceutical engaged Palo Alto Networks' Unit 42 for incident response, containment, and recovery efforts, alongside other external experts and legal counsel. The company has also notified law enforcement. No ransomware group has claimed responsibility for the attack as of the time of writing.
The company has restored core enterprise systems supporting shipping and manufacturing, but complete restoration of all systems has not yet been achieved. No timeline for full recovery has been provided, and West Pharmaceutical has not estimated the material financial impact of the incident.
This attack highlights the ongoing threat to critical pharmaceutical infrastructure. As companies like West Pharmaceutical are integral to the global drug supply chain, disruptions can have cascading effects on healthcare delivery. The incident underscores the need for robust cybersecurity measures in the pharmaceutical sector, particularly as threat actors increasingly target manufacturing and supply chain operations.