MKS Instruments Ransomware Attack Results in $200M Sales HitAttack Removed MKS' Ability to Process Orders, Ship Products or Provide Services
Semiconductor equipment maker MKS Instruments says a February ransomware attack will cost it $200 million in lost revenue after the hack removed its ability to process orders or ship products.
The Andover, Massachusetts company told federal regulators the Feb. 3 ransomware attack required the company to temporarily suspend operations at some facilities. More than a month later, it still hasn't reopened all affected manufacturing and service operations in its $1.96 billion Vacuum Solutions Divisions and its $1.06 billion Photonics Solutions Division (see: Ransomware Attack Disrupts Operations at MKS Instruments).
On March 3, a former employee hit the company with a putative class action lawsuit filed in Orange County Superior Court accusing it of violating California privacy law by failing to safeguard medical and personal information. MKS Instruments said it will defend itself in the lawsuit but can't predict the timing, outcome or cost of the proceedings.
"The financial ramifications, temporary manufacturing delays and the class action lawsuit underscore the potential cascading impacts of any cyber incident and the need to bolster cybersecurity across the industry," Terry Dennehy, vice president and senior credit officer for Moody's Investors Service, said in a statement.
Data Exfiltration Might Have Accompanied System Encryption
MKS Instruments generated $742 million of revenue in the quarter ended March 31, 2022. A $200 million impact from the ransomware attack represents a nearly 27% hit to sales. The company said it has completed restoration of many of its IT systems, including its ERP, since the hack. The company's $517 million Materials Solution Division - which was bought from Atotech - wasn't affected by the incident.
In addition to lost revenue, MKS Instruments incurred ransomware-related costs tied to bringing on forensic experts, restoration experts and legal counsel and from paying increased overtime to employees. The company said it has also spent money this quarter to restore its systems, access its data and enhance its cybersecurity measures.
In addition to encrypting business and manufacturing systems, MKS Instruments said the hackers might have exfiltrated workers' Social Security numbers, bank account information, payment card information, and information about disabilities, health and medical conditions.
The plaintiff in the class action complaint, who is identified only as John Doe, alleges MKS Instruments failed to invest in cybersecurity. The filing says MKS Instruments didn't encrypt medical and personal information or implement adequate user authorization and authentication processes.
MKS Instruments said it determined after the ransomware attack that it hadn't maintained sufficient IT controls to prevent or detect unauthorized access to its financial reporting systems on a timely basis. Specifically, the company said controls around access authentication, intrusion detection and response, and backup and restoration came up short, making it difficult for MKS to recover quickly.
Although the weakness around MKS Instruments' financial reporting systems didn't result in a misstatement in any of the company's financial statements, the company said insufficient controls meant a material misstatement wouldn't have been prevented or detected, had one occurred.
MKS Instruments said it plans to strengthen access requirements and unauthorized access detection for its financial reporting systems as well as implement procedures to facilitate more timely restoration. The weaknesses won't be considered remediated until the plan has been fully implemented, applicable controls have been operating for a sufficient period of time, and it has been determined that the controls operate effectively.
The company told regulators it has exposed itself to more or different cyber and data security threats as it transitions to using more cloud-based solutions that are dependent on the internet or other networks to operate. MKS Instruments said the risks may be amplified by increased reliance on remote access to IT systems as a result of using SaaS software and cloud and remote services and having staffers work remotely.