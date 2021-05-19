Global Edition
Privacy & Security

Report finds 10% of pharma manufacturers at high risk for ransomware

The cyber risk platform Black Kite also found that vendors – especially data management platforms – can expose their business partners to vulnerabilities.
By Kat Jercich
May 19, 2021
02:44 PM

Photo: Morsa Images/Getty Images

The cyber risk platform Black Kite released a new report this week finding that one in 10 global pharmaceutical manufacturers are at a high risk of suffering a ransomware attack.  

The report, published on Tuesday, evaluated the cybersecurity posture of the 200 largest global pharmaceutical companies and 166 associated third-party vendors.  

"We have seen how ransomware attackers can shut down a gasoline pipeline in the past week. Imagine if a ransomware attack halted a manufactured COVID-19 vaccine hostage or stopped the production of vital chemotherapy drugs,” said Bob Maley, Black Kite’s chief security officer, in a statement.  

WHY IT MATTERS  

Billions of people worldwide rely on the pharmaceutical industry, sometimes for daily medications.  

"An interruption in manufacturing lifesaving drugs or therapies would be catastrophic for many. A cyberattack on a pharmaceutical company could mean life or death for consumers," noted the Black Kite report.  

The organization used open-source intelligence sources, in combination with machine learning, to evaluate companies' susceptibility to ransomware attacks on a scale of 0.0 to 1.0.  

Nearly 10% of companies were over what Black Kite considers a "critical" threshold of 0.6, indicating high susceptibility.  

Medium-sized pharmaceutical companies had the highest average susceptibility.  

Security issues included out-of-date systems, phishing vulnerability, publicly visible critical ports, credentials in lists shared on the deep web and past data breaches.  

Vendors are also vulnerable: 12.2% of IT solutions are above the critical threshold, and nearly 5% of software vendors are – but the report flagged data management vendors as the riskiest.  

"The people you do business with matters, more so now than ever," said Maley in the report. "Supply chain continuity is everyone's responsibility, especially amidst today's evolving cyber landscape.   

"That said, your risk management obligations are never entirely fulfilled, not even after you've achieved a 'good' cyber rating. Your suppliers, partners, vendors and third parties all open other gateways to your network," he added.  

So what makes pharma such a rich target? The report outlined several reasons, including digital transformation, data access, widely adopted medical technology and complex supply chains.  

"The pharmaceutical industry is the world’s third-largest industry, following the finance and e-commerce sector. With a predicted compound annual growth rate of 13.7% through 2027, it's no secret that pharmaceutical organizations will become a more valuable target to cyber criminals," read the report.

THE LARGER TREND  

As Maley mentioned, ransomware attacks have been in the news since they led to the shutdown of the Colonial Pipeline earlier this month. 

But for the healthcare industry, they're nothing new. Just this week, Scripps Health marked two weeks of a network outage following what was reported to be a ransomware attack – while Ireland's national health service faced a shutdown of its own.  

And when it comes to the pharmaceutical supply chain, one major effort stands out: the COVID-19 vaccine. Experts have warned that the process of manufacturing and distributing the vaccines presents a number of vulnerabilities – and hackers have already begun to take aim.  

ON THE RECORD  

"Billions across the globe rely on pharmaceutical manufacturers. Ransomware attacks on 10% of the globe’s pharmaceutical companies could have an immense impact," said Maley.

 

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.

Topics: 
Pharmacy, Privacy & Security, Quality and Safety

More regional news

Derek Baird of Sensyne Health, AI

How AI can truly advance healthcare and research, and where it's gone wrong

By
Bill Siwicki
May 19, 2021
Klara system telehealth

Mobile patient communication and telehealth tool helps transform Indiana Hernia Center

By
Bill Siwicki
May 19, 2021
A patient using a tablet

MITRE proposes digital health strategy focused on equity, individual empowerment

By
Kat Jercich
May 19, 2021
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Related Content

Top Story

A patient using a tablet
MITRE proposes digital health strategy focused on equity, individual empowerment

Most Read

How does bias affect healthcare AI, and what can be done about it?
VA to undertake strategic review of EHR modernization program
Portuguese value-based healthcare project receives accolade from the World Economic Forum
RFID tech helps Reading Hospital boost volume of COVID-19 vaccinations
How healthcare cloud tools can help with HIPAA/HITECH compliance
WHO warns about fake COVID-19 vaccines on the dark web

Research

White Papers

More Whitepapers

Privacy & Security
Interoperability
Interoperability

Webinars

More Webinars

Interoperability
Population Health
Privacy & Security

Video

11 Health Director Justine Seres
Patients must be at the forefront of innovation
Rita Bowen, vice president of privacy, compliance and HIM policy at MRO
Preparing for proposed HIPAA rules in IT, HIM, compliance and privacy
CAQH Senior Vice President April Todd
New tools to help payers implement CMS interoperability rules
Sen. Mark Warner
Sen. Warner: Telehealth advancement requires widespread broadband coverage

More Stories

A patient on a telehealth visit
Telehealth can be an effective alternative for seniors, study shows
The Amazon logo
Amazon in talks to launch at-home medical testing service, says Insider
St. Luke's Regional Healthcare System Meditech vaccine
Meditech vaccine scheduling tool saves time for St. Luke's staff
CAQH Senior Vice President April Todd
New tools to help payers implement CMS interoperability rules
analytics, oracle, oxford, covid-19
Oxford University partners with Oracle for COVID-19 variant identification
Impelsys spins off, rebrands healthcare learning platform
Leveraging technology for better health outcomes in Asia
A person on their phone
Some phones and smartwatches may interfere with pacemakers, FDA warns