A Pennsylvania-headquartered company just spent the last week scrambling to put its business back together after a ransomware attack. West Pharmaceutical Services, the Exton, PA injectable-packaging giant, told the SEC that attackers breached its network on May 4, stole data, and encrypted systems — forcing the company to pull infrastructure offline worldwide. If a 100-year-old Fortune 500 supplier with a real security budget can be knocked sideways, the playbook attackers used is absolutely being run against York County small businesses too.
What happened at West Pharmaceutical
Pennsylvania pharma giant West Pharmaceutical Services is scrambling to restore systems impacted by a ransomware attack last week. The incident occurred on May 4 and prompted the proactive shutdown and isolation of affected on-premise infrastructure. The containment measure disrupted the company's business operations globally, West Pharmaceutical Services said in a Monday filing with the Securities and Exchange Commission.
Founded in 1923 and headquartered in Exton, Pennsylvania, West Pharmaceutical Services makes injectable pharmaceutical packaging and delivery systems. In plain English: this is a major Pennsylvania manufacturer that supplies critical components to drug makers worldwide, and for several days it couldn't reliably ship, receive, or manufacture.
The attack involved data exfiltration before file-encrypting ransomware was deployed. That's the standard double-extortion model now — steal the data first, encrypt second, and demand payment to avoid both downtime and a public leak. No ransomware group has publicly claimed responsibility, which SecurityWeek noted may suggest a ransom was paid.
Why this matters for a small business in York County
Two reasons.
First, the supply chain. The pharmaceutical manufacturers that rely on West's packaging and delivery systems as a critical supply chain input face potential downstream impact if production delays affect their own manufacturing schedules. Most small businesses aren't pharma manufacturers, but every York County business depends on a vendor that depends on a vendor. When a key supplier goes dark for a week, your invoices, shipments, and customer commitments go dark too. Vendor risk is your risk, and a real small-business cybersecurity program in York has to account for the suppliers you can't control.
Second, the attack pattern. West isn't an outlier — it's the template. 88% of ransomware attacks hit small businesses in 2025. The attackers have done the math: lower ransom expectations, but higher success rates because SMB defenses are viewed as thinner. The same crews running playbooks against Fortune 500 pharma companies run cheaper, automated versions against accounting firms, dental offices, and manufacturers across the Mid-Atlantic.
What your managed-IT provider should already be doing
If you're paying for managed IT, an incident like this is the test. Here's the short list of what should already be in place — not promised, in place:
1. Offline, tested backups. Maintain offline backups (not just cloud copies). Follow the 3-2-1 rule: 3 copies of your data, stored on 2 different media types, with 1 copy kept offsite. Finally, test your recovery plan regularly. Ransomware that can reach your cloud sync can encrypt your cloud backup. The offline copy is what saves you.
2. 24/7 monitoring and endpoint detection. West caught this quickly enough to isolate infrastructure before everything burned. That's only possible with someone — or some system — watching around the clock. Monitor your IT environment for signs of lateral movement: unusual login activity, unexpected network traffic, disabled antivirus tools. Deploy endpoint detection and response (EDR) solutions that flag suspicious behavior in real time. This is the core of proactive IT monitoring — catching the attacker on the way in, not after files are encrypted.
3. MFA on everything that touches the internet. Compromised credentials were involved in 42% of breaches. Email, VPN, remote desktop, financial software — if it has a login page on the open internet and it's not behind multifactor authentication, it's a question of when, not if. This is non-negotiable in the layered security stack we run for clients.
4. A patching program for the perimeter. Ransomware crews love unpatched firewalls and VPN appliances. The Pennsylvania Attorney General's office was reportedly breached last year through an unpatched Citrix vulnerability. Cybersecurity researcher Kevin Beaumont reported in September that the organization was likely penetrated via the exploitation of a Citrix NetScaler vulnerability dubbed CitrixBleed2. If your firewall and VPN aren't being patched on a documented schedule, you have the same exposure.
5. An incident response plan you've actually read. West had crisis protocols, outside incident-response retainers, and law enforcement contacts ready to go. The pharma giant retained Palo Alto Networks' Unit 42 threat intelligence and incident response team to aid with containment, system restoration, and incident investigation, and notified law enforcement. A small business doesn't need Unit 42 on retainer, but it does need to know who to call, in what order, at 2 a.m. on a Sunday. That's a basic deliverable from a real managed IT services engagement.
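The backup requirements from item 1 (3-2-1, an offline copy, and a tested restore) can be checked mechanically against a backup inventory. The following is an added example, not part of the original article; the inventory fields, the 90-day restore-test window, and the sample entries are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

MAX_TEST_AGE_DAYS = 90  # assumption: older restore tests count as untested

@dataclass
class BackupCopy:
    name: str
    media: str                         # "disk", "cloud", "removable", ...
    offsite: bool                      # kept away from the primary site
    offline: bool                      # unreachable from the network or cloud sync
    last_restore_test: Optional[date]  # None = never restored from

def audit_backups(copies, today):
    """Return findings for one data set's copies (production copy included)."""
    findings = []
    if len(copies) < 3:
        findings.append(f"3-2-1: only {len(copies)} copies, need 3")
    media = {c.media for c in copies}
    if len(media) < 2:
        findings.append(f"3-2-1: only {len(media)} media type(s), need 2")
    if not any(c.offsite for c in copies):
        findings.append("3-2-1: no offsite copy")
    has_offline = any(c.offline for c in copies)
    if not has_offline:
        findings.append("no offline copy: anything that reaches sync reaches every copy")
    # A copy only counts as recoverable if a restore from it was tested recently.
    tested = [c for c in copies if c.last_restore_test is not None
              and (today - c.last_restore_test).days <= MAX_TEST_AGE_DAYS]
    if not tested:
        findings.append(f"no restore tested in the last {MAX_TEST_AGE_DAYS} days")
    elif has_offline and not any(c.offline for c in tested):
        findings.append("offline copy exists but its restore is untested or stale")
    return findings

# Constructed sample inventory (not real data).
TODAY = date(2025, 1, 15)
SYNC_ONLY = [
    BackupCopy("production file server", "disk", False, False, None),
    BackupCopy("NAS nightly", "disk", False, False, date(2024, 12, 20)),
    BackupCopy("cloud sync", "cloud", True, False, None),
]
WITH_OFFLINE = SYNC_ONLY + [
    BackupCopy("rotated drive in safe", "removable", True, True, date(2025, 1, 2))]

if __name__ == "__main__":
    for label, inv in (("sync only", SYNC_ONLY), ("with offline", WITH_OFFLINE)):
        print(label, "->", audit_backups(inv, TODAY) or "passes")
```

The first inventory satisfies the literal 3-2-1 count yet still fails, because every copy is reachable online.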
The pattern across Pennsylvania
West isn't the only Pennsylvania organization to get hit recently. The Pennsylvania Office of the Attorney General confirmed suffering a data breach after it was targeted in a ransomware attack earlier this year. The attack came to light in August, when the organization announced that a cyberattack had disrupted its website, email accounts, and phone lines. Service outages lasted for roughly three weeks. The OAG confirmed in late August that it had been targeted in a ransomware attack that involved the deployment of file-encrypting malware, but said no ransom had been paid. And in September 2025, ShinyHunters released thousands of internal University of Pennsylvania files — donor records, internal memos, and other confidential materials.
The common thread isn't industry — it's that attackers are systematically working through Pennsylvania organizations of every size. A York County dentist or distributor is on the same target list.
What York businesses should do
If you run a small business in York County and you can't immediately answer the questions "when was our last tested restore?" and "who do we call if every computer locks up tonight?" — those are the two conversations to have this week. York Computer builds both into the standard managed-IT plan, and we're happy to do a no-cost review for any Shiloh, Spring Garden, or West Manchester business that wants a second set of eyes.
Sources
- West Pharmaceutical Services Hit by Disruptive Ransomware Attack — SecurityWeek
- West Pharmaceutical warns of ransomware attack impacting business operations — The Record
- West Pharmaceutical Services Hit by Disruptive Ransomware Attack — Security Boulevard
- Pennsylvania Attorney General Confirms Data Breach After Ransomware Attack — SecurityWeek
- New Year, New Small Business Cybersecurity Threats 2026 — Acrisure