The onset of the Covid-19 pandemic last year triggered a wave of cyberattacks in the life sciences industry, and the problem is likely to get worse. Biotech startups need to improve their cybersecurity, but where should they start?
According to a report published in May this year, 10% of the biggest pharmaceutical companies worldwide are at high risk of cyberattacks. One of the biggest examples happened in 2017, when the US company Merck Sharp & Dohme (MSD) became the collateral victim of a Russian ransomware attack, which locked up the company’s data in the alleged hopes of receiving a ransom payment. MSD lost at least €850M in damages and is still battling with insurers to recoup the damages.
“More importantly, it actually led to a shortage of the HPV vaccine Gardasil in the US and we had to go through the strategic national stockpile,” said Charles Fracchia, CEO of the US life sciences and cybersecurity firm BioBright. “So we see that the impact of digital technology on real-world biotech and pharma workflows is very real, very tangible.”
Why has there been a wave of cyberattacks during the pandemic? One factor is that biotech investments went through the roof last year as the pandemic catapulted the industry into the spotlight. The resulting growth in lucrative biotech companies and research worldwide means more potential targets for criminals. Another factor is politics around the development and distribution of Covid-19 vaccines and treatments.
“Unfortunately, vaccine development has become a geopolitical national game as opposed to an international united fight against an adversary,” said Fracchia. “It’s a matter of national pride.”