Pharma Cybersecurity Challenges: A Holistic Prescription
Summary
The pharmaceutical sector remains a prime target for cyber-attacks. An industry built on innovation, with extensive investments in Research and Development (R&D) and Intellectual Property (IP) on medicines and patient health data, bridges the divide between business and healthcare, becoming a hot spot in the health data threat landscape.- Author Company: PharmiWeb.com
- Author Name: PW Editor
- Author Email: kelly.tipper@pharmiweb.com
- Author Telephone: +441344851506
Pharma Cybersecurity Challenges: A Holistic Prescription
The pharmaceutical sector remains a prime target for cyber-attacks. An industry built on innovation, with extensive investments in Research and Development (R&D) and Intellectual Property (IP) on medicines and patient health data, bridges the divide between business and healthcare, becoming a hot spot in the health data threat landscape.
According to a study conducted by Deloitte, the pharmaceutical industry is now frequently the number one target of cybercriminals around the world, as these companies move toward increased digitisation and storing valuable data online. Jack Garnsey, Product Manager VIPRE SafeSend and Security Awareness Training, explains how the increasing sophistication of cyber-attacks has hit the pharmaceutical industry hard in recent years and outlines some essential steps to take in strengthening industry cybersecurity defence.
The Value of Pharma Data
Pharmaceutical companies are especially attractive to criminals because the data they hold is incredibly valuable. The data collected by pharmaceutical companies, including proprietary information about drugs, data related to pharmaceutical advances and technologies, and patient information are all sensitive, which means that losing control over that data can have catastrophic consequences. Additionally, the industry holds strict privacy guidelines regarding the safeguarding of protected health information (PHI) which highlights the need for an effective cybersecurity strategy.
The effect of such breaches goes beyond the direct damage from lost data, it also affects the company valuation, erodes patient and consumer trust, resulting in regulatory fines and overall operational disruption. Individuals need to have trust in the pharmaceutical industry to secure their health data, so when these attacks happen, reputation is one of the main aspects that can become tarnished.
Multinational pharmaceutical company Merck and Co. fell victim to a ransomware attack in 2017, which ultimately crippled 30,000 end-user devices and 7,500 servers. The malware caused $1 billion in damages, lost sales, and resources to recover from the incident. More crucially, the breach crippled Merck’s production facilities for the leading vaccine against human papillomavirus. The impact of a data breach such as this can be catastrophic, but the causes of damage in so many differing and complex ways mean that the actual cost is almost incalculable.
Increased Risk Following COVID-19
COVID-19 has created a surge of urgency to enhance cybersecurity posture within all industries, as HMRC found scams increased by 337% between March and May, and this is no different for pharmaceutical firms. It has never been more important to have the right security measures in place as cybercriminals seek to interfere with, and take advantage of the research and development of COVID-19 medicine and vaccinations.
Additionally, with pharma companies facing increasing pressures from the likes of the previous US President and accelerated demand to create a COVID-19 vaccine, staff are working faster, harder and longer hours than ever before. In turn, this can have an effect on their cyber awareness as it falls to the bottom of their priority lists. Distractions and working under pressure can be key contributing factors in mistakes being made that lead to security incidents, such as accidental data leakage for example.
In July, the Certified Information Systems Auditor (CISA), the National Security Agency (NSA) and cybersecurity authorities across the United Kingdom and Canada issued a joint warning, accusing Russian intelligence services of targeting COVID-19 research and vaccine development facilities with cyber attacks. Any significant delay caused by these cyber threats and hackers could endanger the lives of millions of people, as well as impact the investment that goes into making the medicines.
A Holistic Cybersecurity Approach
Within the 2020 Cost of a Data Breach report, it found that healthcare and pharmaceuticals experienced an average total cost of a data breach significantly higher than less regulated industries such as hospitality, media and research. With electronic prescriptions and digital records becoming the norm, it is key to have a comprehensive cybersecurity strategy in place to safeguard those digital assets.
A combination of technology, workforce education and security culture provides a layered defence to protect pharma organisations from cyber attacks. Sensitive internal documents that include valuable intellectual property are communicated via email, and tools such as VIPRE’s SafeSend will help to make sure that the recipient is correct, as well as highlighting if the information is appropriate to share with the correct encryption levels. This email solution can help users determine the appropriate course of action when sending sensitive information, providing them with a necessary double-check alert.
Implementing a holistic cybersecurity approach can help to reveal potential risks before they can be exploited, while keeping up to date on the latest cyber security threats, and continuously re-evaluating the company’s cyber security protocols to ensure they are meeting the workforce’s needs effectively.
Securing the Pharmacy Threat with the Workforce
Cyber attackers deploy a wide range of tactics to target the pharma industry and the overall supply chain. As hackers target valuable data and intellectual property, if this data was to end up in the wrong hands, it will be both an advantage for pharma competitors, and an opportunity for the cyber attacker to leverage a ransom for these sensitive resources.
Pharma organisations need to understand what they can do to protect the company’s digital assets, how to avoid staff falling for a phishing attack or an email scam that could expose confidential information, and the best practice to follow within the modern threat landscape. However, improperly trained employees are a challenge faced by many companies, both inside and outside the pharmaceutical industry.
Security Awareness Training programmes can offer simulated examples where pharma companies can review their response to threats, identify where improvements can be made, and formulate strategies to address any shortcomings. This can be used to strengthen current protocols in place and highlight any vulnerabilities. Building a strong security culture within teams and maintaining awareness of cyber threats will help staff become more knowledgeable of the risks they pose in their day-to-day job and the unique responsibilities they hold regarding data protection.
Cyber attacks are a never-ending threat, and with pharma organisations being in the spotlight now more than ever before, they must take action to mitigate any risks, both internally and externally. With the right strategy in place, including a combination of technology, education and awareness, pharmaceutical organisations can implement the right steps to safeguard their information and maintain data privacy.