West Pharmaceutical Services Discloses Ransomware Attack Disrupting Global Operations
West Pharmaceutical Services reported a ransomware attack that began on May 4, 2026, disrupting shipping, receiving, and manufacturing systems, with data theft and encryption of on-premise infrastructure.
West Pharmaceutical Services, a major Pennsylvania-based supplier of injectable packaging and drug delivery systems, disclosed a ransomware attack that began on May 4, 2026, impacting critical systems for shipping, receiving, and manufacturing. In a filing with the Securities and Exchange Commission (SEC) on Monday evening, the company warned that the breach involved data theft and encryption of systems, with on-premise infrastructure affected. The company has restored core enterprise systems and restarted critical processes at some sites, but a timeline for full recovery has not been finalized.
The attack forced West Pharmaceutical to shut down and isolate affected on-premise infrastructure, restrict access to enterprise systems, and notify law enforcement. Palo Alto Networks' incident response team Unit 42 has been hired to lead the investigation and contain the incident. The company is still assessing what data was stolen and the financial impact of the attack. No ransomware gang has claimed responsibility as of Tuesday, but the company has taken steps to mitigate the risk of dissemination of exfiltrated data.
West Pharmaceutical is one of the largest providers of injectable solutions, partnering with drug developers to ensure safe delivery of medicines. The company manufactures stoppers and seals for injectable packaging, components for syringes and cartridges, auto-injectors, wearable injectors, and other devices. With more than 10,000 employees across 50 locations globally, West Pharmaceutical reported net sales of over $3 billion in 2025.
The healthcare industry has faced an increased number of attacks in 2026 from both nation-state actors and cybercriminals. Errol Weiss, chief security officer at Health ISAC, noted that the sector is experiencing a sustained, high level of malicious activity, particularly ransomware and data-theft operations. He warned that the same access and techniques could be used interchangeably for espionage, financial gain, or destructive impact, potentially endangering lives if healthcare services are interrupted.
West Pharmaceutical is leveraging its business continuity plans and working with customers to mitigate risk and minimize delays. The company's proactive response included shutting down and isolating affected infrastructure, restricting access, and notifying law enforcement. The investigation by Unit 42 is ongoing, and the company continues to work on restoring operations at remaining sites.
This incident underscores the persistent threat ransomware poses to critical healthcare supply chains. As attackers increasingly target pharmaceutical and medical device manufacturers, the disruption of production and distribution can have cascading effects on patient care. The involvement of Unit 42 highlights the severity of the breach and the need for specialized incident response in the healthcare sector.