Status Of Merck's Recovery From "Not Petya" Hack/Cyber-Attack: SEC Form 10-Q

I have been a little too busy with my day gig to get back to Merck's SEC filed Form 10-Q for the most recent quarter, and post this.

But as I have a quiet moment here, on this gray but clearing early morning -- with my coffee, I'll load this up.

As I earlier guessed, the API operations have been deeply impacted by the ransom wear attack -- it locked out the systems needed to monitor, for example, the bulk vaccine pre-cursor stock -- in my opinion. I have no non-public inside information, here -- but given the way the Hep B vaccine is created, the API computer monitoring operations being out would be. . . crippling. In fact, if I am right about that speculation, GMP would require that the vast bulk of the raw API be discarded, and the entire process restarted, with all new pre-cursors, to ensure purity and safety. And so, do read the bolded parts below, closely (from page 29 of the Form 10-Q):

. . . .On June 27, 2017, the Company experienced a network cyber-attack that led to a disruption of its worldwide operations, including manufacturing, research and sales operations. While the Company does not yet know the magnitude of the impact of the disruption, which remains ongoing in certain operations, it continues to work to minimize the effects.

The Company is in the process of restoring its manufacturing operations. To date, Merck has largely restored its packaging operations and has mostly restored its formulation operations. The Company is in the process of restoring its Active Pharmaceutical Ingredient operations but is not yet producing bulk product. The Company’s external manufacturing was not impacted. Throughout this time, Merck has continued to fulfill orders and ship product.

The Company is confident in the continuous supply of key products such as Keytruda, Januvia (sitagliptin) and Zepatier (elbasvir and grazoprevir). In addition, Merck does not currently expect a significant impact to sales of its other top products; however, the Company anticipates that it will have temporary delays in fulfilling orders for certain other products in certain markets. Merck does not currently expect a significant impairment to the value of intangible assets related to marketed products or inventories. Full resumption of affected operations will take time and the Company will incur expenditures related to remediation efforts. The Company has insurance coverage insuring against costs resulting from cyber-attacks. However, there may be disputes with the insurers about the availability of the insurance coverage for claims related to this incident. . . .

That is -- to be fair -- my speculation. But it is speculation informed by long experience. And as to the last bolded bit, I cannot imagine what any business interruption insurer could say that would allow it to avoid covering the direct interruption expenses, from a cyber-attack or ransom wear hack attack loss, here.

Now you know -- onward, to a wonderful traveling, eclipse kissed long weekend!

नमस्ते