Data Loss Prevention (DLP) , Endpoint Security , Fraud Management & Cybercrime

Pfizer: 2 Ex-Executives Stole Drug IP to Help Their Startups

Pharmaceutical Maker Alleges Forensic Analysis Discovered 'Theft' of Documents
Pfizer: 2 Ex-Executives Stole Drug IP to Help Their Startups

Pharmaceutical giant Pfizer alleges in a federal lawsuit that weeks before two former executives resigned, they stole documents containing trade secrets about diabetes, obesity and cancer treatments under development by the drugmaker to benefit two new biotech startups they had launched.

See Also: OnDemand | 2023 OT Cybersecurity Year in Review: Lessons Learned from the Frontlines

The complaint, filed Wednesday in a Connecticut federal court, alleges that Min Zhang and Xiayang Qiu stole electronic documents containing Pfizer intellectual property to benefit their own new ventures, Regor Therapeutics, based in Massachusetts, and its China-based counterpart, QILU Regor Therapeutics, located in Shanghai. Both those companies were also named defendants in the lawsuit.

At the time of their resignations from Pfizer in 2018, the lawsuit says, Qiu’s title was executive director of structural biology, and Zhong held the position of director of clinical outsourcing for Pfizer’s Pharmacokinetics, Dynamics & Metabolism, or PDM, group. Each had worked for Pfizer for over 15 years.

Lawsuit Allegations

Among other allegations, Pfizer says that it found through forensic analysis "of various Pfizer repositories," including Zhang’s and Qiu’s company-issued laptops and work email accounts, that the two former employees "used many devices and accounts to carry out their scheme."

For instance, among other claims, Pfizer says the two employees emailed to their personal email accounts, as well as uploaded to their personal cloud-storage accounts, Pfizer documents containing trade secrets, including research and development pertaining to Pfizer’s GLP-1 drug program to treat diabetes and obesity.

"Defendants Zhang and Qiu, based on years of working at Pfizer, saw the promise of Pfizer’s diabetes-and-obesity treatment in development. Instead of carrying out their ethical and contractual responsibilities as Pfizer employees, they decided to steal the hard work of Pfizer’s scientists and clinicians for their own profit and gain," the Pfizer lawsuit alleges.

While still employed at Pfizer, Zhang and Qiu set up Regor Therapeutics, met with international financial backers to fund it and "co-opted Pfizer’s investment and hard work, all to benefit themselves, Regor, and a second company they founded, Defendant QILU Regor Therapeutics," the lawsuit alleges.

"The Pfizer trade secrets and confidential information that Qiu and Zhang stole essentially gave Defendants the playbook and the critical underlying science and data to develop their own supposed diabetes-and-obesity treatment, an unlawful head start that saved Defendants significant money and years of development time," the lawsuit alleges.

Patent Protection

As part of their alleged scheme, within a few months of founding Regor and QILU Regor, Qui and Zhang applied for patent protection for a treatment "strikingly similar" to Pfizer’s diabetes-and-obesity treatment, Pfizer alleges.

"Without the critical head start Zhang and Qiu’s theft provided, Defendants could not have 'developed' their own purported treatment in such a short amount of time," Pfizer alleges.

Pfizer also alleges that an Asian subsidiary of competitor Eli Lilly and Co. was "enticed" by Zhang and Qiu to invest up to $1.5 billion in their Regor startups, which Pfizer claims were "founded on the Pfizer trade secrets and confidential information they stole," including work related to Pfizer's GLP-1 developments.

Regor Therapeutics did not immediately respond to Information Security Media Group's request for comment on the lawsuit. Eli Lilly declined ISMG's request for comment on the case or its investment relationship with Regor.

Forensic Findings

Pfizer alleges that through forensic analysis of Zhang and Qiu's Pfizer accounts and devices, "unbeknownst to Pfizer at the time of Zhang’s departure, he turned in an iPhone that was not his own, and Zhang’s Pfizer-issued iPhone has not been recovered."

Pfizer says it conducted the analysis after it first suspected Zhang and Qiu's "treachery upon publication of Regor’s patent application that claimed the fruits of Pfizer’s years-long research."

In its lawsuit, Pfizer is claiming misappropriation of trade secrets in violation of several laws and regulations, including the Defend Trade Secrets Act of 2016, the Connecticut Uniform Trade Secrets Act and the Connecticut Unfair Trade Practices Act.

Seeking Relief

Pfizer is seeking damages and injunctive relief, which includes an order prohibiting the defendants from using Pfizer’s trade secrets or confidential information and requiring them to return and/or destroy all information allegedly stolen from Pfizer.

Pfizer is also seeking an order requiring the defendants to provide Pfizer with any of their electronic devices - including personal computers, laptops, desktops, iPads or similar tablet devices, smartphones, other handheld devices, external hard drives, flash drives, as well as any cloud-based or social media-based accounts - so that Pfizer can forensically review the devices and identify all Pfizer-owned material for "prompt" removal or deletion.

The legal action taken this week by Pfizer alleging intellectual property theft by former employees is the latest such lawsuit filed by the drugmaker.

In November 2021, Pfizer filed a similar but separate lawsuit in a California federal court against Chun Xiao "Sherry" Li, another former employee (see: Pfizer Alleges Worker Took COVID Vaccine Trade Secrets).

In that lawsuit, Pfizer alleges Li uploaded to personal devices and accounts thousands of files containing confidential information and trade secrets pertaining to the company's vaccines and medications - including its COVID-19 vaccine - to potentially provide to her new employer, competing biopharmaceutical company Xencor Inc.

Protecting IP

Protecting intellectual property against insider threats "begins with appropriate screening of new hires," says former federal prosecutor Andrew Wirmani, an attorney at the law firm Reese Marketos LLP, who is not involved in the Pfizer case.

"Beyond that, companies should have mandatory insider threat and cybersecurity training, procedures to promote bystander reporting, criteria for monitoring network activity for inappropriate use, and consider automated, continuous monitoring," he says.

Regulatory attorney Rachel Rose, who is not involved in the Pfizer case, suggests two fundamental ways to prevent IP from being forwarded to personal email accounts. "First, implement software or use a 'plug-in' such as the one offered by Microsoft that inhibits emails from either being forwarded or from a group being responded to, so that the email can only be sent to the original sender. Second, enable and use audit logs effectively to monitor activity."

In addition to the potential threats posed by insiders, the intellectual property of pharmaceutical and other related industries - including those involved in COVID-19 treatments and vaccines - also continues to be a top target for external bad actors.

"Nation-state-sponsored economic espionage within the United States is well documented," Wirmani says. "The Department of Justice has repeatedly prosecuted this type of conduct and described it as a pervasive threat."

Pfizer's trade secret theft allegations against Zhang, Qiu and their firms "may also involve a state actor," Rose says. The FBI recently stated that China has pioneered "an expansive approach to stealing innovation through a wide range of actors including not just Chinese intelligence services but state-owned enterprises, ostensibly private companies, certain kinds of graduate students and researchers, and a whole variety of other actors working on their behalf," she says.

"As a matter of national security, it is something to be vigilant about."

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.