Recent Ransomware Attacks in the Biopharma Industry
A 2021 U.S. government report found health care to be the industry most affected by cyber-attacks, with biotech being the weakest link. In 2020, vaccine manufacturers like Dr. Reddy’s Laboratories, AstraZeneca, J&J, and Novavax faced cyberattacks.
Earlier this month, Japanese pharmaceutical company Eisai revealed that it had fallen victim to a ransomware incident on Saturday, June 3, resulting in the encryption of some of its servers. Due to the cyber-attack, several systems, including logistics systems, were temporarily taken offline. Eisai’s corporate websites and email systems remained operational, and the company was investigating potential data leaks.
In response to the attack, Eisai promptly established a company-wide task force and collaborated with external experts to initiate recovery efforts. Law enforcement was also informed about the incident. And though no organization wants a ransomware incident within its infrastructure, having a robust security incident response program with a team that clearly understands its roles and responsibilities can help it return to operations quickly.
In another recent security incident, German biotech Evotec shut down its network in early April after noticing unusual activity on its IT systems. Suspicious activity triggered a shutdown of its digital infrastructure. A forensic examination is underway, and authorities have been notified. Business continuity is maintained across the company’s sites, but unconnected systems might cause delays or slower responses to partners.
Back in March, Sun Pharmaceuticals, the world’s fourth-largest generic drugs manufacturer, reported a ransomware attack compromising some of its file systems. The company initiated an investigation and carried out containment and remediation actions in a controlled manner. The attack did not affect the core systems and operations, but it did impact the organization’s business operations and isolated its network. The company could not determine other potential adverse effects, such as additional security incidents, increased insurance costs, diversion of management time, or possible litigation resulting from the attack.
Unfortunately, these recent ransomware attacks are further proof that cybercriminals will continue to target pharmaceutical companies.
Ransomware Attacks Targeting Biopharma Companies Increased During Pandemic
It is the unsettling truth that hackers are opportunistic criminals. They specialize in taking advantage of vulnerabilities related to both the technology used and human carelessness or error. Cybercriminals have a long history of capitalizing on times of crisis, public attention, and fear. So, when the biotechnology and pharmaceutical sectors were racing to find a treatment or vaccine for the novel coronavirus that caused a global pandemic, hackers identified another window of opportunity.
International authorities warned biopharma and medical organizations about the steep increase in malicious cybersecurity threats during the COVID-19 crisis. Interpol and the FBI both alerted the scientific and healthcare community about business email compromise scams and ransomware linked to the pandemic.
Why Do Hackers Target Biopharma Companies?
Hackers continue to target biopharma, just as they target hospitals, governments and universities, because they seek access to valuable data. Electronic medical records are particularly marketable on the dark web because they include protected health information (PHI) and personally identifiable information (PII). Additionally, hackers tried to access information about the coronavirus and treatment testing that biopharma companies were working quickly to compile.
Some ransomware operators promised not to target health organizations and non-profits during the virus outbreak. However, many expressly said that they would target pharmaceutical and biotech organizations – companies that could “benefit from the current pandemic” in their opinion. And some criminal groups followed through on those promises. Top national security officials indicated that other countries were likely behind cyberattacks hitting hospitals, research laboratories, and pharmaceutical companies.
Why Did Cyber Threats Increase During the Pandemic?
Cybercriminals knew that healthcare organizations and life science technicians were working hard to contain and respond to the COVID-19 outbreak. They struck then because they assumed that these organizations were more motivated to pay a ransom in order to maintain access to their systems, which were so critical at the moment. Thus, there was a spike in targeted ransomware attacks on the key organizations engaged in fighting the pandemic.
During those couple of years, the IT systems of many healthcare providers and clinical labs were knocked out by cyberattacks. For example, a vaccine testing lab of the World Health Organization, at the forefront of global efforts to stop the spread of the coronavirus, was targeted the previous month. Europol also noted a rise in aggressive malware and ransomware attacks that took advantage of the global crisis.
Month over month, attacks more than doubled from January through March. Plus, phishing attempts increased 15-fold in half the time.
How Does Ransomware Affect Biopharma Organizations?
During the period of intense activity related to the COVID-19 pandemic, cybercriminals attacked clinical labs mainly through phishing emails and ransomware. Ransomware is a form of malware that encrypts files on targeted computer networks, blocking access to the data stored there until a ransom is paid for the decryption key.
Specifically, hackers took advantage of the disruptions to work habits and unusual communication activities that people engaged in during pandemic lockdowns. They preyed on remote workers by penetrating networks through virtual private network (VPN) appliances in the infrastructure. According to Microsoft, they also actively scanned the internet for vulnerable systems in order to pounce on common systems administration, updater features, and network security misconfigurations.
Once hackers infiltrated a network, they were able to analyze the data available, adapt and usurp privileges, steal credentials, and take advantage of any security vulnerabilities they found. Moving laterally within the compromised network, attackers could go undetected for weeks or months before planting ransomware or other malware. This was also what made it hard to understand which applications and credentials had been breached after the fact.
Why Does Biopharma Need to Be Vigilant About Cybersecurity?
As cybercriminals aimed to capitalize on the current crisis, ransom amounts, along with the speed and number of breaches, rose sharply in the last two months. With connections to organized crime, cybercriminals recruited collaborators to implement more intrusive attacks. According to Europol, some also provided ransomware-as-a-service on the dark web. Unfortunately, their strategy worked. Biopharma companies were more likely than ever to pay ransoms then, as they were under extreme pressure and time constraints.
The previous month, a ransomware attack infected a California-based biotechnology research firm – 10x Genomics – which was part of an international alliance working to analyze the COVID-19 virus and develop potential treatments. Hackers were able to penetrate the network and steal sensitive information.
Similarly, ransomware attacks targeted biomedical research laboratories and testing facilities in the U.K. and the Czech Republic. They were targeted because of their work connected to COVID-19 testing and vaccine development. Those behind the malicious attacks accessed patient records, which they then leaked online. Additionally, the breaches caused immediate computer shutdowns and disrupted activity.
These were just some examples demonstrating why biopharma companies needed to be on high alert. Without the proper IT security controls in place – and constant monitoring – cybercriminals could disrupt business operations, block access to critical networks, steal sensitive data, and blackmail companies.
What Can You Do to Protect Your Organization?
Security is a team effort. Follow these recommendations to help safeguard your organization in case of future attacks.
- Implement a regular backup process.
- Do not click on links or open attachments in unexpected or suspicious emails.
- Avoid clicking on popups, links, and dialogue boxes.
- Be wary of impersonation techniques, meaning communications claiming to be from trusted sources.
- Only download applications and material from trusted websites.
- Use high-quality IT security products to protect your system from threats.
- Keep security software and the operating system updated.
- Don’t use high-privilege credentials for regular business activities.
Partner with AWA for Cybersecurity Fit for Your Industry
Ransomware is one of the biggest dangers these days for companies in biopharma and beyond. Contact AWA to start identifying the vulnerabilities in your system and putting the latest security measures in place.