Why does the pharmaceutical industry lose billions of dollars every year?
The pharma industry is one of the largest industries built entirely on innovation, involving huge investment in research and development (R&D), intellectual property (IP) and patient information. At such a scale, experiencing losses is common, but over recent years the losses have become rapid. If a list were prepared of the most pressing issues causing such losses, cybersecurity would undoubtedly be right at the top.
According to IBM’s Cost of a Data Breach 2020 report, “The average cost of a data breach in healthcare industry is $7.3 million.” During the COVID-19 pandemic, pharmaceutical companies have become highly attractive to cyber criminals because the data they hold right now is incredibly valuable. The UK’s National Cyber Security Centre (NCSC) reported that hackers, almost certainly operating as part of Russian intelligence services, are targeting organizations developing a coronavirus vaccine in the UK, US, and Canada. Since the pharma industry is becoming a hotspot in the health data threat landscape, it is important to learn from the previous attacks described below and take the necessary actions.
Recent hacks & what the industry has learned from them
NotPetya is broadly known as a state-sponsored Russian cyberattack that acts as ransomware. It has a number of tools that help it spread, and it infects computers by encrypting their hard drives. Merck, one of the world’s largest pharmaceutical companies, said in its quarterly earnings report that, “we still not fully recovered from the June 27 attack.” The company said, “the disruption caused by NotPetya affected manufacturing, research and sales operations worldwide, and that it continues to affect certain operations.” The success of this attack involved a number of mistakes, oversights, and criminal acts. The affected industries have learned that one should use only approved software, keep operating systems and applications patched, take regular backups, identify risks and have mitigation plans.
The Winnti malware is a virus that was rarely found on the 64-bit version of Windows. Once this virus gets on the system, the attacker gains remote administration abilities, which are then used maliciously to extract sensitive data from the attacked company over a long period of time. In July 2019, Swiss pharmaceutical company Roche confirmed that it had experienced a cyber-attack involving the Winnti malware. Roche stated that “it had detected and remediated the attack.” A company spokesperson said, “Roche hasn’t lost any sensitive personal data of our employees, patients, customers or business partners.” The company confirmed it was working with authorities in the US, Europe and Switzerland, who helped it in combating cyber-security threats, a practice that must be undertaken.
The WannaCry ransomware attack was a worldwide outbreak that took place in May 2017. This ransomware spreads through computers running Microsoft Windows. When the virus gets on a user's system, it takes hold of crucial files, and a Bitcoin ransom is demanded for their return. The ransomware started with hospital data hacking and swiftly evolved to corporate network hacking; finally, it targeted medical devices within the U.S. While it impacted the majority of healthcare industries, the healthcare industry learned that it is a high priority to collaborate with cybersecurity experts, continue to evolve security measures, prepare teams and deliver company-wide threat resources.
Here’s a checklist that helps safeguard pharma companies from being vulnerable to such attacks:
- Limiting system access to authorized individuals.
- Validation of systems to ensure the accuracy, reliability and consistency in performance of the incorporated systems.
- Use of secure, computer-generated, time-stamped audit trails of electronic records.
- Use of digital signatures for open systems.
- Use of electronic signature components and controls.
- Use of authority checks to ensure that the systems are used only by authorized individuals.
- Collaborate with online solutions that hold the highest standards for security, such as ISO 27001, EU-US Privacy Shield and SSAE 16.
Since data privacy and security are our top priority here at MSB Docs, we follow this checklist while offering services to our clients. Business leaders who know to keep safety a high priority, and who work to protect themselves and their companies with legally binding contracts, choose us.