MKS Instruments, a semiconductor equipment manufacturer, has said that it will lose $200m in revenue as a result of a ransomware attack that hit the company in February. The attack temporarily stopped operations in some of the company’s facilities and removed its ability to process orders and ship products.
The company has not yet reopened all the affected manufacturing and service operations in its Vacuum Solutions and Photonics Solutions divisions.
Furthermore, a former employee filed a lawsuit against the company for violating California privacy law, accusing it of failing to safeguard medical and personal information.
The attack on MKS Instruments encrypted business and manufacturing systems, and it is possible that hackers may have also exfiltrated workers’ Social Security numbers, bank account information, payment card information, and information about disabilities, health, and medical conditions. The company has said that it has incurred ransomware-related costs in hiring forensic experts, restoration experts, and legal counsel and in paying increased overtime to employees.
It has also spent money on restoring its systems, accessing its data, and enhancing its cybersecurity measures.
MKS Instruments said it will strengthen access requirements and unauthorized access detection for its financial reporting systems and implement procedures to facilitate more timely restoration.
However, the company told regulators that it has exposed itself to more or different cyber and data security threats as it moves towards using more cloud-based solutions that are dependent on the internet or other networks to operate.
The company said the risks may be amplified by increased reliance on remote access to IT systems as a result of using SaaS software and cloud and remote services and having staffers work remotely.