August 17, 2021
Cybersecurity challenges in advanced therapies — introducing five strategies for success
Pharmaceutical and biotech companies suffer more security breaches than any other industry1 — with greater than 20% of companies in the pharmaceutical sector having been attacked between seven and fifteen times,2 and 95% of attacks in the industry being IP theft related.2 With these sobering statistics — and the frequency of news reports about cyberattacks against private companies and critical infrastructure in both the U.S. and abroad — it stands to reason that cybersecurity is top of mind for business leaders and technology providers in the Life Sciences space today. The industry carries the weighty responsibilities of safeguarding patient safety, data privacy, and intellectual property (IP).
A more connected, digital ecosystem is the future of business and technology and is advancing continuously, opening the door to an increase in cybersecurity threats. Additionally, the workforce and technology shifts of 2020 created more opportunities for security breaches. Ransomware attacks that were detected and blocked rose 715% in 2020.3 News reports offer only a small glimpse of the reality, because significant breaches happen regularly but are not made public.
The entire Life Sciences space is vulnerable and is increasingly targeted. According to a recent Wall Street Journal article, in the fourth quarter of 2020, as the pandemic continued and hospitalization rates soared, there were more attacks in healthcare than in any other industry.4 One industry expert estimates that the risk of cyberattacks tripled in biotech during 2020.5 Of the losses that have been reported, one pharma company alone incurred $1.3 billion in losses in 20171, and in 2020 a single hospital lost $67M from just one security incident.4
Noteworthy and significant attacks in the news serve as visible calls to action. Public policy is developing, such as the Biden administration’s recent executive order,6 and more stringent measures will ultimately become law. Yet these measures lag behind the current reality and potential new threats to come.
With a constantly evolving threat and technology landscape, both technology providers and biopharma companies must implement the most advanced and modern security programs and practices and stay vigilant — continually assessing risk and improving security practices. What does this look like, and what are some of the most current practices leading the industry today?
Technology providers, businesses, and end users share responsibility for staying ahead of cybersecurity risks. How do they meet this challenge today?
Security starts with a security-minded culture across every company in the supply chain. Technology providers have additional resources and methods — such as a security and privacy by design development approach — to extend the security-minded culture to every aspect of their work. All of these practices put security and privacy front and center, making it a “Way of working,” building security in from the start at all levels — from the infrastructure to the platform to applications and, ultimately, end users.
There are five strategies that provide the building blocks for a strong approach to security:
- Prioritize security as a “way of working”
- Secure the technology supply chain
- Meet or exceed industry and regulatory standards
- Help users follow security best practices
- Assess, reassess and evolve
Each blog in this four-part series will dive more deeply into these success strategies, and provide readers with both insights and actionable recommendations for protecting both patient and company information.
Blog series posts:
Post #2 Cybersecurity success in advanced therapies starts by prioritizing security as a “Way of working”
Post #3 Key industry and government regulations provide a cybersecurity foundation in advanced therapies
Post #4 Life Sciences cybersecurity, knowing your first line of defense and continuously improving it
- Mallempati, Raj. How the Pharmaceutical Industry Can Secure Networks to Avoid Cyberattacks. Forbes 2021 March 18: https://www.forbes.com/sites/forbesbusinesscouncil/2021/03/18/how-the-pharmaceutical-industry-can-secure-networks-to-avoid-cyberattacks/?sh=1d93015f1eb3
- Deloitte LLP. Deal breaker: Cyber risk in life sciences M&A. 2018: https://www2.deloitte.com/content/dam/Deloitte/uk/Documents/life-sciences-health-care/deloitte-uk-lshc-cyber-risk-ma.pdf
- Palmer, Danny. Ransomware: Huge rise in attacks this year as cyber criminals hunt bigger pay days. ZDNet 2020 September 09: https://www.zdnet.com/article/ransomware-huge-rise-in-attacks-this-year-as-cyber-criminals-hunt-bigger-pay-days/
- Evans, Melanie and McMillan, Robert. Cyberattacks Cost Hospitals Millions During Covid-19. Wall Street Journal 2021 February 26: https://www.wsj.com/articles/cyberattacks-cost-hospitals-millions-during-covid-19-11614346713
- Smith, Jonathan. Biotech Startups Face a Growing Wave of Cyberattacks. Labiotech.eu 2020 October 21: https://www.labiotech.eu/in-depth/cyberattack-biotech-startups-covid/
- Sanger, David and Barnes, Julian. Biden Signs Executive Order to Bolster Federal Government’s Cybersecurity. The New York Times 2021 May 12: https://www.nytimes.com/2021/05/12/us/politics/biden-cybersecurity-executive-order.html?referringSource=articleShare