Drug development company Inotiv reports ransomware attack to SEC

An Indiana-based drug research company said a recent ransomware attack has disrupted its business operations and forced a shutdown of critical systems. 

Inotiv told regulators at the Securities Exchange Commission that the cybersecurity incident was discovered on August 8 and a subsequent investigation found that threat actors had encrypted certain systems. 

The company does not have a timeline for when restoration is expected but said the incident is impacting “the availability of and access to certain of the Company’s networks and systems, including access to portions of internal data storage and certain internal business applications.” 

Officials are working to bring portions of the system back online but in the meantime are using “offline alternatives” to reduce business disruption. Law enforcement was notified of the ransomware attack but no group has taken credit for the incident. 

Inotiv is a contract research organization that provides drug discovery and development services to pharmaceutical companies. The company reported $374.9 million in earnings for the first three quarters of 2025 through its work on medical devices, oncology drugs, neuroscience and COVID-19.

In the SEC filing, the company said it is unsure of whether the incident will have a financial impact. 

On Tuesday morning, the Qilin ransomware gang said it was responsible for the attack, adding Inotiv to its leak site. In the post, the group said it took 176 GB of information that allegedly includes research data collected over the last 10 years. 

The group is best known for its attacks on the healthcare industry, allegedly contributing to one death in the U.K. following a ransomware incident involving pathology service Synnovis last year. The Russia-based ransomware gang has also been implicated in several other attacks on governments and a large U.S. newspaper chain. 

Two medical device companies have reported cybersecurity incidents to the SEC this year. Device manufacturer Masimo said in May that a cyberattack affected its ability to process, fulfill, and ship customer orders.

One month later, Minnesota-based company Surmodics told regulators it was forced to shut down parts of its IT system in response to a cyberattack. A third company that makes products used in heart surgeries said its delivery systems were disrupted by a pre-Thanksgiving ransomware attack.