West Pharmaceutical warns of ransomware attack impacting business operations

A large Pennsylvania pharmaceutical company said a ransomware attack has impacted critical systems used to ship, receive and manufacture products. 

West Pharmaceutical Services filed a report with the Securities and Exchange Commission (SEC) on Monday evening warning customers that a hacker breached the company network on May 4, stole data and encrypted systems. 

“The incident and the Company’s proactive response have temporarily disrupted the Company’s business operations globally,” the company’s general counsel wrote in the 8-K form. 

“While the Company has restored its core enterprise systems, and critical processes for shipping, receiving, and manufacturing have restarted at some sites with restoration of the remaining sites in process, the timeline for a complete restoration has not yet been finalized.”

A spokesperson for the company told Recorded Future News that West Pharmaceutical shut down and isolated on-premise infrastructure that was affected, restricted access to enterprise systems and notified law enforcement. 

West Pharmaceutical is one of the largest providers of injectable solutions, partnering with drug developers to ensure medicine can be delivered safely to patients. They make stoppers and seals for injectable packaging, components for syringes and cartridges, auto-injectors, wearable injectors and other devices. 

The company has more than 10,000 employees across 50 locations globally and reported net sales of more than $3 billion in 2025. 

Palo Alto Networks’ incident response team Unit 42 was hired to lead the investigation into the ransomware attack and to contain the incident.

West Pharmaceutical is still investigating what information was stolen during the initial breach and is still unsure of the financial impact of the attack. 

“West is leveraging its business continuity plans and working with our customers to mitigate risk and minimize delays wherever possible,” the spokesperson said. 

No ransomware gang has taken credit for the attack as of Tuesday but the company said it has “taken steps intended to mitigate the risk of dissemination of the exfiltrated data.”

The healthcare industry has faced an increased number of attacks in 2026 from both nation-state actors and cybercriminals, according to cybersecurity experts. 

Errol Weiss, chief security officer at healthcare information sharing organization Health ISAC, said they are seeing “a sustained, high level of malicious activity targeting the healthcare sector.”

“It’s highly likely that both the volume and impact of attacks remain elevated compared to previous years, particularly around ransomware and data-theft operations,” he said. “What worries me most is that the same access and techniques could be used interchangeably for espionage, financial gain, or destructive impact — any of which could put people's lives in danger if healthcare services are interrupted.”