Effect of cybercrime on the pharmaceutical industry

الملخص EN

The pharmaceutical industry has became particularly vulnerable to cybercrime, as the counterfeit pharmaceuticals are a growing and profitable business for fraudsters, who perform these cyber attacks for money, fame or for the politics, eventually it may lead to brand damage or reputational damage, since once a pharmaceutical organization is exposed in the media for breaching data, it can be difficult to recover public trust.

In America, cybercriminals stole 8.3 million patient records from the Virginia Prescription Monitoring Program and demanded a $10m (approximately £6m) ransom.

There is a persistent need to protect drug recipes and researches as those companies are rich in IP, but first they should know where their data is, as the data is often scattered across unstructured sources, having processes and procedures to identify, report and remediate that data and also diminish data sharing, via electronic health records, personal health records, insurance portals and prescription sites, it comprises personal and sensitive information, as well as drug recipes and research data.

Detica (an international business and technology consulting firm owned by BAE Systems) have developed five steps for cybercrime risk appraisal: Establish potential attackers and threats; Assess the likely target of attacks (i.

e.

IP, customer databases, etc.

); Determine the purpose of the attack; Assess the impact of an attack on the organization; and finally, Identify which assets are high impacts and require prioritizing in terms of protection.

The pharmaceutical company Roche has affirmed that it was hit by a Winnti cyber-attack in 2019, thought to be supported by the Chinese government; The Company has stated that no sensitive information has been lost.

Bayer was also targeted by Winnti attacks last year, in 2017; Merck & Co has its active pharmaceutical ingredients (API) production and some R&D systems seriously disrupted by the NotPetya attack, highlighting the need for cyber-security for pharmaceutical companies.

A range of other German companies were also affected by the attack.