Why combatting cybercrime is critical for life science companies
Biotech and pharmaceutical firms hold vast amounts of valuable data and information making them prime targets for cyber-attacks – so how are they protecting themselves?
In the American political thriller series, Homeland, a vice-presidential candidate’s pacemaker was attacked by offshore terrorists, inducing a heart attack that resulted in his untimely death. In the real world, when Dick Cheney was serving as the 46th vice-president of the United States between 2001 and 2009, he famously deactivated the connectivity on his pacemaker to prevent anything similar from taking place.
The threat to medical devices may seem like the stuff of science fiction, but in the US healthcare is now the largest target of cyber security attacks, reportedly at greater risk than manufacturing and banking.1 According to experts, the value of stolen personal health information is 10-20 times greater than the value of a stolen credit card number.
Life science companies hold vast amounts of critically important data and information. Obvious categories include data arising from the development and testing of pharmaceutical products, including clinical trial data, while the rise of biologic drugs has also brought with it valuable manufacturing know-how for these complex molecules.
The sophisticated nature of medical devices and their connectivity raises additional risks. Add in commercially sensitive information about products and their pricing and promotion, and it’s no surprise that the sector finds itself the target of cyber attacks.
Healthcare cyber security is becoming a significant area of concern for medical device manufacturers and regulators tasked with protecting the public. So far, most of the examples in Canada and the US have been ransomware attacks, where hospital networks are attacked and a bitcoin ransom is demanded. There is a potential loss of data, and a risk that hackers have gained access to potentially significant personal health information.
In Europe and elsewhere, cyber-attacks are increasing thanks to the growing volume of electronic data and the rising use of electronic storage to keep data. Adding to the problem is the sophistication of cyber criminals.
In life sciences, there is an employee threat, where insiders may want to make use of information that they have access to, whether it is intellectual property or personal data. Another potential motivation is around sabotage and public profile, where there are people with grudges against pharma companies who want to cause those comp – anies harm by disrupting their businesses and generating bad press.