COVID-19 Pandemic Leaves Pharmaceutical Companies Vulnerable to Cyber Criminals


Although many cyber criminals have pledged not to attack healthcare providers during the COVID-19 pandemic, one expert tells CNBC that this may not extend to pharmaceutical companies.

Sivan Nir, threat intelligence team leader at the cybersecurity company Skybox Security Research Lab, spoke to the news source on May 12, citing her concerns surrounding cybersecurity and the pharmaceutical industry. She told CNBC that while there is a certain amount of “honor” among thieves pertaining to the COVID-19 crisis, it does not extend to pharmaceutical companies.

For example, hackers published internal data from ExecuPharm back on March 13 following a ransomware attack. Employee files were accessed, according to a letter filed with the office of Vermont Attorney General TJ Donovan.

In an interview with TechCrunch, a company executive confirmed that the CLOP ransomware group was behind the attack. The group allegedly attacked ExecuPharm because, as a commercial pharmaceutical company, it is “benefiting” from the COVID-19 pandemic.

So, what are pharmaceutical companies doing to defend themselves from similar attacks?

Chuck White, chief technology officer for the cybersecurity company Fornetix, told CNBC that organizations have options when it comes to protecting their data. He says that ensuring that the company is using maximum strength in algorithms can help. In addition, he recommends investing in storage technologies that can be secured with encryption, and says that employees should not be using work equipment for their personal needs.

Jason Smolanoff, global cyber-risk practice leader at Kroll, notes that new cyber attacks are already being developed. He cited a pharmaceutical company that became the victim of an attack while working on a vaccine.

Smolanoff says there are different versions of ransomware that can encrypt data and also steal it. When data is stolen, companies have a legal obligation to inform those who were victimized by the attack.

White claims that patients in clinical studies are typically the main victims. Pharmaceutical companies have patients’ personal information, and the collateral damage can be devastating for the victim of a ransom attack. To minimize the risk, White says that pharmaceutical businesses can reduce the amount of data they require from patients. Ultimately, this means reducing the amount of information they have as a whole.

In a report published at the beginning of May by BlackCloak, it was revealed that there are still widespread vulnerabilities at some of the largest pharmaceutical companies in the world. Cybercriminals appear to be exploiting password vulnerabilities to navigate through executives’ personal email, accounts and social media.

According to the report, 68% of pharmaceutical executives’ emails have been exposed in a data breach over the past five to 10 years. Of those exposed executives, 57% have had their hacked passwords viewable on the dark web.

“The personal and corporate lives of executives are intermeshed and user passwords on non-corporate systems can put the company at a weaker cybersecurity stance,” wrote the authors in the report. “In order to reduce the corporate attack surface, executives must be protected around the clock. For privacy and legal reasons, this is a task that should never be done by the company itself.”

BlackCloak CEO and Founder Chris Pierson spoke with CNBC about the report, stating that unfortunately, cyber criminals go to what’s hot, and right now it happens to be the pharmaceutical and medical industries. He does not foresee the trend going away any time soon.
