The past year has been a bad one for the retail industry's cybersecurity image, with high-profile breaches at eBay and Target causing concerns for consumers. Yet data gathered by cybersecurity ratings company Bitsight suggests the healthcare and pharmaceutical sectors have fared even worse than retail.
Bitsight reached the conclusion after analyzing the origins of malicious software, an approach that allows it to see which computer systems have been compromised. Companies rarely publicly report security breaches--and some are unaware they have been hacked--so tracing malicious software to its origin is a workaround that allows Bitsight to estimate vulnerability. Over the past year, cybersecurity for the healthcare and pharmaceutical sectors of the S&P 500 index worsened faster than for any other industry, the Financial Times reports.
A piece of malware known as Zeus was the main culprit, accounting for almost 25% of the threats Bitsight spotted at healthcare and pharma firms. Zeus logs every keystroke the user makes, potentially revealing drugmakers' passwords and giving hackers access to patient data. "Pharma has a treasure trove of intellectual property while hospitals have patient data that they are putting at risk. When it performed poorer than retail we thought, watch out, because of all we've seen in retail," Bitsight's chief technology officer Stephen Boyer told the FT.
In April, the FBI called on the healthcare industry to tighten up cybersecurity practices, noting that companies lagged behind their peers in the finance and retail sectors. The Bitsight report lends credence to the warning, with the response times of healthcare and pharma organizations coming in for particular criticism. On average the industry took 5.3 days to fix a problem, giving a hacker enough time to do considerable damage. For now, none of the incidents have resulted in a high-profile breach like those that happened at eBay and Target.