American pharmaceutical company Inotiv disclosed that ransomware attackers encrypted some of its systems and data on August 8, 2025, disrupting business operations at the Indiana-based contract research organization.
On August 8, 2025, Inotiv became aware of a cybersecurity incident affecting certain systems and data. The company's preliminary investigation determined that a threat actor gained unauthorized access to and encrypted certain company systems. Inotiv started an investigation with external security experts and notified law enforcement authorities of the incident. The Qilin ransomware gang claimed responsibility for the attack and alleges to have stolen around 162,000 files amounting to 176GB of data. The threat actors published data samples on their leak site. Inotiv is an Indiana-based contract research organization specializing in drug development, drug discovery, safety assessment, and live animal research modeling. The company employs around 2,000 specialists and generates annual revenue of more than $500 million.
The cybersecurity incident caused disruptions to certain business operations, with adverse effects expected to persist for some time. The attack specifically impacted certain networks and systems that include databases and internal applications used in business processes. Inotiv's IT team is working to restore these systems and has migrated some affected operations to offline alternatives to mitigate the impact of outages caused by the cyberattack. The company has not provided an estimation for a return to normal operations.
In a filing to the U.S. Securities and Exchange Commission (SEC), Inotiv stated, "On August 8, 2025, Inotiv, Inc. became aware of a cybersecurity incident affecting certain of its systems and data. The Company's preliminary investigation determined that a threat actor gained unauthorized access to, and encrypted certain of, the Company's systems."
The organization said that "the cybersecurity incident has caused disruptions to certain business operations and expects the adverse effects to persist for some time."
This attack on Inotiv shows the vulnerability of pharmaceutical contract research organizations that handle sensitive drug development data and research information. As a company specializing in drug discovery, safety assessment, and live animal research modeling, Inotiv likely maintains extensive databases containing proprietary pharmaceutical research, clinical trial data, and potentially sensitive information about drug development pipelines. The disruption to business operations could impact ongoing research projects and drug development timelines, affecting both Inotiv's clients and potentially delaying pharmaceutical innovations that could benefit patients.
They often exploit phishing emails, stolen credentials, or unpatched software vulnerabilities.
Yes, depending on whether the compromised data included protected health or personal information.
It could erode client trust and delay collaborative drug development projects.