IT Quality Management for Secure System Restoration: Recovery from Ransomware Attack in GxP-Regulated Environments
This case study focuses on the restoration of IT systems following a ransomware attack, and on ensuring compliance and data integrity through targeted IT quality management in a GxP-regulated environment.
Problem statement
The client is an internationally operating company in the field of pharmaceutical active ingredient research. Its services include the research and development of new active ingredients, as well as the development of software platforms for specialized methods in this environment. The company became the target of a ransomware attack in which large parts of the existing infrastructure, systems, and data were encrypted and thus made inaccessible. As some of these data and systems were GxP-relevant, the restoration of IT services and functions had to be closely accompanied and fully documented from an IT quality management perspective.
To achieve this objective, the client required:
- Support in documenting and evaluating recovery activities for infrastructure, IT systems, and data
- Coordination of activities with other departments, e.g. IT Security, Data Privacy, and IT Operations
- Creation of quality reports for individual sub-areas of restored IT services and functionalities
- Review and, if necessary, improvement of existing quality management processes to prevent future IT security risks
Project execution
At the beginning of the project, the recovery activities defined by the project team were recorded and evaluated with regard to their regulatory relevance. In addition, the results of the forensic analysis of the ransomware attack were incorporated in order to review the effectiveness of existing quality management processes and optimize them where necessary. Based on this analysis, a quality plan was developed covering the following activities and areas:
- Development of a procedural recovery framework through the integration of forensic findings and the existing quality management framework
- Restoration of a secure IT infrastructure through the establishment of a secure environment
- Creation of regulatory documentation through complete documentation of the restored IT infrastructure for compliance requirements
- Reinstallation of IT systems, with recovery performed through new installations to eliminate malicious code
- Integrity-assured data migration through documented transfer of relevant data while maintaining consistency
- Consolidation of data sets through synchronization of restored data with information newly generated since the attack
- Comprehensive system validation through documented testing of restored systems and data prior to release
- Timely quality reporting and release management for efficient approval of infrastructure and systems
The implementation of this plan and the associated activities required intensive coordination with all departments to enable a fast, secure, and regulatory-compliant release of IT services and systems.
Results and benefits
The project was successfully completed on schedule and within the planned budget, as analysis, documentation, and release activities were appropriately scaled and efficiently coordinated. The restored IT systems and associated data fully meet all internal and regulatory requirements. Throughout the entire recovery process, internal quality assurance continuously monitored the created documentation in close coordination with the IT quality function to ensure complete regulatory compliance and adherence to the highest internal quality standards. The resulting IT infrastructure meets the highest requirements in terms of security, data integrity, and operational reliability.


