Inotiv, a prominent US-based contract research organization (CRO), is grappling with significant operational disruptions after a ransomware attack encrypted parts of its internal systems.
The Qilin ransomware gang has claimed responsibility for the breach, leaking samples of over 170 GB of proprietary research data on their dark web portal.
The company disclosed the incident in an SEC Form 8-K filing dated August 18, 2025, stating it first became aware of the intrusion on August 8. Inotiv’s initial investigation revealed that the attackers gained unauthorized access to its systems and deployed ransomware, encrypting data and disrupting internal business applications. The company responded by initiating containment procedures, bringing in external cybersecurity experts, and notifying law enforcement.
Qilin, a financially motivated ransomware group known for targeting critical industries, took credit for the attack in a post dated August 11 on its dark web leak site. According to the threat actors, the breach resulted in the exfiltration of 176 GB of sensitive data, including complete reports on the development and testing of dozens of drug compounds. They claim the stolen data spans a decade of research and includes trade secrets potentially valued in the hundreds of millions of dollars.
Inotiv, listed on the Nasdaq under the ticker NOTV, provides nonclinical and analytical drug discovery and development services to major pharmaceutical and medical device manufacturers. The company supports its clients from the early stages of drug discovery through investigational new drug (IND) submissions and beyond. Given its role as a contract research partner to many of the world’s top pharmaceutical firms, the exposure of proprietary client research poses not only a severe reputational threat but also significant legal and contractual risks.
The SEC filing confirms that the incident has disrupted access to portions of Inotiv’s network, internal data storage systems, and business applications. The company has transitioned certain operations to offline workflows in an effort to mitigate downtime, but acknowledged that full restoration of systems may take an indeterminate amount of time.
The full scope and financial impact of the incident are still under assessment. While Inotiv has not confirmed whether customer or third-party data was accessed, Qilin’s claims and document samples posted on their leak portal suggest a substantial compromise of confidential research materials. The leaked documents appear to include detailed clinical reports, internal communications, and analytical data, although full verification is ongoing.
This incident adds to a growing list of cyberattacks targeting the healthcare and pharmaceutical sectors, which are particularly lucrative for ransomware groups due to the high value of intellectual property and sensitive data. Qilin, active since at least 2022, has previously targeted Lee Enterprises, threatening to leak 120,000 files it stole from the prominent American media giant.
If you liked this article, be sure to follow us on X/Twitter and also LinkedIn for more exclusive content.
