Cyber hackers target businesses of all shapes and sizes, but the pharmaceutical industry remains a prime target, especially as these companies undergo digital transformation and move high value data online. But how can the industry protect itself from the threat of cyber attack? Jack Garnsey, Product Manager at VIPRE SafeSend and Security Awareness Training explains.
Recent research has found that the pharmaceutical industry is among the most threatened areas for cyber crime globally1 and needs to step up to this growing challenge. This is an industry built on innovation with all of the characteristics that are attractive to cyber hackers, including extensive spend on research and development (R&D), highly sensitive intellectual property (IP) and access to patient data, as well as almost total reliance on technology to efficiently run. But there are some crucial steps that the pharmaceutical industry can take to reinforce its cyber security defence and keep this data safe.
This report addresses the key factors shaping pharmaceutical formulation, including regulation, QC and analysis.
Access the full report now to discover the techniques, tools and innovations that are transforming pharmaceutical formulation, and learn how to position your organisation for long-term success.
What you’ll discover:
Key trends shaping the pharmaceutical formulation sector
Innovations leading progress in pharmaceutical formulation and how senior professionals can harness their benefits
Considerations and best practices when utilising QbD during formulation of oral solid dosage forms
Can’t attend live? No worries – register to receive the recording post-event.
The value of health data
The data held by pharma companies includes proprietary information about drugs, data related to pharmaceutical developments and technologies, as well as sensitive and personal patient information – all of high value to cyber criminals. This data must also abide by strict privacy guidelines regarding the safeguarding of Protected Health Information (PHI). This means that losing control over such information can have devastating repercussions for the business, which emphasises the need for a layered and constructive cyber security approach.
Pharmaceutical teams need to recognise what they can do to safeguard digital assets”
The consequences of such infringements go beyond the financial implications from exposed data. It also affects the company’s reputation, diminishing patient or stakeholder trust, resulting in operational disturbance and potential regulatory fines. When cyber attacks happen, the reputation of a company is one of the key areas that suffers damage, and particularly for pharma organisations, it is vital that individuals have trust in the company to keep their health data secure.
Merck and Co, one of the largest pharmaceutical companies in the world, was hit by a ransomware attack in June 2017, affecting 30,000 computers and 7,500 servers.2 The drug manufacturer suffered hundreds of millions in damages and the attack led to unfortunate disruptions of worldwide operations – including manufacturing, research and sales operations. Unfortunately, this included a vaccine-plant going down, crippling the production facilities for a leading vaccine against human papillomavirus. The overall cost of a cyber attack, such as this example, can almost be immeasurable due to the different and complex ways a business can be affected.
COVID-19 accelerating cybercrime
With social distancing measures in place and many working from home as a result of the ongoing pandemic, COVID-19 has accelerated the need to strengthen a business’ cyber security posture across all sectors. Especially as hackers take advantage of this situation, with Her Majesty’s Revenue and Customs (HMRC) finding that cyber hacks peaked in May 2020, after rising 337 percent from 133 in March to 5,152 during the peak of the pandemic.3 These findings demonstrate the significance of having adequate cyber security controls in place and this is no different for pharmaceutical firms – particularly as cyber criminals seek to exploit the progression and experimentation of COVID-19 medication and vaccinations.
Last year, a joint statement was issued by the Certified Information Systems Auditor (CISA), the National Security Agency (NSA) and various cybersecurity authorities across the United Kingdom and Canada, alleging that the Russian Intelligence Services were targeting COVID-19 vaccine and research development facilities with cyber hacks.4 The warning highlighted that any serious delay caused by these cyber threats and attackers could jeopardise the lives of millions of people, as well as impact the expenditure that goes into making the medicines.
In line with this, pharmaceutical companies are facing more pressure than ever before with the demand to create and distribute COVID-19 vaccines. Teams will be working harder, faster and for longer to fulfil these needs, which in turn, can cause cyber security to drop to the bottom of their areas of concern. Being tired, distracted and facing new constraints can be prime contributing factors to individuals making errors that lead to security incidents, for example, an accidental data leakage by sending the wrong attachment or email to an incorrect recipient or clicking on a link in a phishing email.
A combined cyber approach
The 2020 Cost of a Data Breach Report found that the average total cost of a data breach was significantly higher for the healthcare and pharmaceutical industry compared to less regulated industries such as hospitality, media and research.5 It is therefore vital that pharmaceutical companies have a thorough cyber security policy in place to protect those digital assets.
Deploying a holistic cyber security approach can provide greater insight into possible security risks before they occur”
A layered defence approach is the most important strategy for pharma organisations to have in place, one which combines foundational protection, innovative tools, security culture and workforce education. Email is the most common form of communication within businesses, which means that personal and sensitive information is commonly shared in this way. However, there are solutions available that can support users in ensuring they are sending documents securely and to the right person, providing individuals with a critical double-check alert before clicking send.
Deploying a holistic cyber security approach can provide greater insight into possible security risks before they occur, while continuously re-examining the company’s cyber protocols to ensure they keep up to date with the modern threat landscape and meet the workforce’s needs.
Educated and aware workforce
Pharmaceutical teams need to recognise what they can do to safeguard digital assets and how to circumvent individuals falling victim to a phishing attack or email hack that could reveal confidential data. Especially as cyber hackers continue to deploy a variety of innovative tactics to target all organisations, including the pharma industry. If staff are not aware or educated on the risks they pose, valuable data and intellectual property could end up in the wrong hands. This will be both an advantage for competitors, and an opportunity for the cyber attacker to leverage a ransom for these sensitive resources.
To combat this hurdle, Security Awareness Training programmes can offer real-life training modules for pharmaceutical organisations to assess their reaction to threats, pinpoint where refinements can be made and develop strategies to address any limitations. Such programmes can be used to invigorate current strategies and highlight any weaknesses. The foundation of any successful security strategy is having a strong security culture embedded within an organisation, where teams are educated about the risks they pose in their day-to-day communications and are aware of the responsibilities they hold in keeping data safe.
As the attention draws on pharmaceutical companies during the ongoing pandemic, these organisations are more at risk than ever before. This means they must take the necessary steps to alleviate any internal and external risks. But with a multi-layered strategy in place, including a combination of education, technology and awareness, the pharma industry can execute the appropriate steps to preserve data privacy and protect sensitive and valuable material.
About the author
Jack Garnsey has worked in IT Security for 20 years, first as a Head of Technical Support and now as Product Manager for the VIPRE SafeSend and Security Awareness Training services. Jack is a key player in VIPRE’s ongoing development of features and services which protect and empower our customers.
Sagonowsky E. Merck, insurers fight over $1.3B in damages from cyberattack: Bloomberg [Internet]. FiercePharma. 2019 [cited 6 May 2021]. Available from: https://www.fiercepharma…
Curran J. CISA’s Corman Warns COVID Vaccine Hacks Could Endanger Millions [Internet]. Meritalk.com. 2020 [cited 6 May 2021] Available from: https://www.meritalk.com/articles/cisas…
This website uses cookies to enable, optimise and analyse site operations, as well as to provide personalised content and allow you to connect to social media. By clicking "I agree" you consent to the use of cookies for non-essential functions and the related processing of personal data. You can adjust your cookie and associated data processing preferences at any time via our "Cookie Settings". Please view our Cookie Policy to learn more about the use of cookies on our website.
This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorised as ”Necessary” are stored on your browser as they are as essential for the working of basic functionalities of the website. For our other types of cookies “Advertising & Targeting”, “Analytics” and “Performance”, these help us analyse and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these different types of cookies. But opting out of some of these cookies may have an effect on your browsing experience. You can adjust the available sliders to ‘Enabled’ or ‘Disabled’, then click ‘Save and Accept’. View our Cookie Policy page.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Cookie
Description
cookielawinfo-checkbox-advertising-targeting
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertising & Targeting".
cookielawinfo-checkbox-analytics
This cookie is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Analytics".
cookielawinfo-checkbox-necessary
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance
This cookie is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Performance".
PHPSESSID
This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy
The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
zmember_logged
This session cookie is served by our membership/subscription system and controls whether you are able to see content which is only available to logged in users.
Performance cookies are includes cookies that deliver enhanced functionalities of the website, such as caching. These cookies do not store any personal information.
Cookie
Description
cf_ob_info
This cookie is set by Cloudflare content delivery network and, in conjunction with the cookie 'cf_use_ob', is used to determine whether it should continue serving “Always Online” until the cookie expires.
cf_use_ob
This cookie is set by Cloudflare content delivery network and is used to determine whether it should continue serving “Always Online” until the cookie expires.
free_subscription_only
This session cookie is served by our membership/subscription system and controls which types of content you are able to access.
ls_smartpush
This cookie is set by Litespeed Server and allows the server to store settings to help improve performance of the site.
one_signal_sdk_db
This cookie is set by OneSignal push notifications and is used for storing user preferences in connection with their notification permission status.
YSC
This cookie is set by Youtube and is used to track the views of embedded videos.
Analytics cookies collect information about your use of the content, and in combination with previously collected information, are used to measure, understand, and report on your usage of this website.
Cookie
Description
bcookie
This cookie is set by LinkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
GPS
This cookie is set by YouTube and registers a unique ID for tracking users based on their geographical location
lang
This cookie is set by LinkedIn and is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc
This cookie is set by LinkedIn and used for routing.
lissc
This cookie is set by LinkedIn share Buttons and ad tags.
vuid
We embed videos from our official Vimeo channel. When you press play, Vimeo will drop third party cookies to enable the video to play and to see how long a viewer has watched the video. This cookie does not track individuals.
wow.anonymousId
This cookie is set by Spotler and tracks an anonymous visitor ID.
wow.schedule
This cookie is set by Spotler and enables it to track the Load Balance Session Queue.
wow.session
This cookie is set by Spotler to track the Internet Information Services (IIS) session state.
wow.utmvalues
This cookie is set by Spotler and stores the UTM values for the session. UTM values are specific text strings that are appended to URLs that allow Communigator to track the URLs and the UTM values when they get clicked on.
_ga
This cookie is set by Google Analytics and is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. It stores information anonymously and assign a randomly generated number to identify unique visitors.
_gat
This cookies is set by Google Universal Analytics to throttle the request rate to limit the collection of data on high traffic sites.
_gid
This cookie is set by Google Analytics and is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form.
Advertising and targeting cookies help us provide our visitors with relevant ads and marketing campaigns.
Cookie
Description
advanced_ads_browser_width
This cookie is set by Advanced Ads and measures the browser width.
advanced_ads_page_impressions
This cookie is set by Advanced Ads and measures the number of previous page impressions.
advanced_ads_pro_server_info
This cookie is set by Advanced Ads and sets geo-location, user role and user capabilities. It is used by cache busting in Advanced Ads Pro when the appropriate visitor conditions are used.
advanced_ads_pro_visitor_referrer
This cookie is set by Advanced Ads and sets the referrer URL.
bscookie
This cookie is a browser ID cookie set by LinkedIn share Buttons and ad tags.
IDE
This cookie is set by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
li_sugr
This cookie is set by LinkedIn and is used for tracking.
UserMatchHistory
This cookie is set by Linkedin and is used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.
VISITOR_INFO1_LIVE
This cookie is set by YouTube. Used to track the information of the embedded YouTube videos on a website.
