The theft of data on up to 4.5 million patients from Community Health Systems last month has intensified awareness of the porousness of hospital and life science digital security measures. And the postevent analysis has reconfirmed two facts: Pharma is a top target for hackers, and some companies are ill equipped to defend themselves.
Cybersecurity business FireEye--which has been investigating the breach for Community Health Systems--wrote about some of the issues in a blog post. The company has recent evidence of attacks. Late last year a China-based group reportedly attacked three firms that provide cancer drugs and services. And a hacker group compromised up to 100 of a pharma company's systems and installed back doors for ease of access. The breach may have gone undetected for up to three years.
Such continued access to a drug developer's vaults could prove valuable to an unscrupulous pharma company or counterfeiter. "Imagine if they were to break into Pfizer," Giovanni Vigna, cofounder and CTO of cybersecurity company Lastline, told VentureBeat. "They could get information about months and months of drug testing that costs millions to produce. … This is where the real golden nuggets are in this type of crime."
The Community Health Systems breach--which has been linked to a Chinese group--didn't include clinical trial data, but such information is a prized target. "The pharmaceutical industry falls squarely in the crosshairs," Jen Weedon, manager of threat intelligence at FireEye, wrote in a blog post. "Threat actors looking to improve their country's ability to address domestic health concerns will set their sights on stealing IP related to technologies, processes and expertise."