Omnicell experienced a ransomware attack last week, according to forms the company filed with the Securities and Exchange Commission on Monday.
Omnicell, which sells pharmacy and medication management technology to healthcare organizations, on May 4 discovered some information-technology systems had been affected by ransomware, according to an 8-K form, which companies file to notify investors and the SEC about events that could be important to shareholders.
Omnicell did not respond to a request for comment on what IT systems were affected and whether they are operational.
“The company is not commenting beyond the 8-K filing at this time,” a spokesman for Omnicell said.
Some products, services and internal systems have been affected, according to the filing. Medication-management devices used by customers, such as automated dispensing systems and robotic equipment, have not been disrupted by the attack, based on the company’s assessment.
The company is in the “early stages” of its investigation and has not determined the extent of the impact on the company’s “business, results of operations or financial condition or whether such impact will have a material adverse effect,” according to the filing. Omnicell has notified law enforcement and is working with cybersecurity experts and legal counsel.
Omnicell has not said whether patient data was affected in the cyberattack.
The incident has not been posted to the Health and Human Services Department’s Office for Civil Rights breach portal. Healthcare entities governed by the Health Insurance Portability and Accountability Act are required to disclose data breaches to the Office for Civil Rights within 60 days of discovery, provided the incident affected 500 or more people.
Omnicell in a quarterly 10-Q filing on Monday said that possible disruptions to IT systems, data breaches and cyberattacks on its systems could adversely impact its business.
The company said many of the associated risks will likely increase as it continues to expand its cloud-based products.
“Any prolonged system disruption in our IT systems or third-party services could negatively impact the coordination of our sales, planning and manufacturing activities, which could harm our business,” Omnicell wrote in the filing. Data breaches could also lead to loss of trade secrets or exposing employee, customer or patient data.
Federal agencies have been warning healthcare organizations to prepare for cyberattacks in recent months, alerting businesses about an “exceptionally aggressive” ransomware group, known as Hive, and raising concerns that Russia’s invasion of Ukraine could lead to more “malicious cyber activity.”
Last year set a record for healthcare data breaches, with providers, insurers and their business associates submitting more than 700 reports to the Office for Civil Rights. The previous record was 663 breaches in 2020.
Mountain View, California-based Omnicell posted $ 318.8 million in revenue for 2022’s first quarter, up 26.6% from $ 251.8 million in the year-ago period. Roughly 70% of the company’s revenue derived from product revenue, at $ 225.9 million. The company reported $ 8.2 million in net income, down 41.9% from $ 14.1 million in the year-ago quarter.