Ransomware Attack on Omnicell Reports Revealed in SEC Filing


Mountain View, California-located supplier of medication management solutions, Omnicell has revealed recently, as part of an 8-K submission with the Securities and Exchange Commission (SEC), that the groups was successfully targeted in the cyber attack on its databases.

The cyber attack was initially discovered on May 4, 2022, and lead to a number of specific internal information technology databases being disable in order to prevent further unauthorized access taking place.

A spokesperson for Omnicell disclosed that the breach review remains current and the full impact of the cyber attack is, as yet, unknown. However, it has been discovered that the data breach infiltrated some of the group’s products and services. Omnicell moved quickly to address the attack, once it was discovered, and was able to prevent access attempts from being successful by following the internal business continuity plans. Following this it was possible to begin bringing all systems back online.

At the current stage of the investigation, Omnicell has not been in a position to estimate the overall damage caused by the cyber attack on group business, operations, or the financial impact of the data breach, nor whether any damage will lead to a material adverse effect. External cybersecurity specialists have been contracted and are helping with with the breach investigation. The data breach had also been made known to the relevant law enforcement authorities.

In its recently submitted quarterly earnings statement Omnicell explained, in its 10-Q form to the SEC, that major interruptions to group databases may inflict some damage on business as the company is dependent on IT systems for keeping financial and corporate records, messaging internally and with third party group, and conducting crucial business procedures.

Omnicell outlined that it does has backups and holds them safely off-site, but that the business would be impacted if systems and data could be be brought back online using the backups quickly enough. Additionally the business would also be adversely impacted if a data theft took place that lead to the the loss of intellectual property.

It remains unknown if any sensitive data was illegally removed before the files were encrypted.