BioPharma, Health IT, Policy

Health organizations responding to Covid-19 at risk from state-backed hackers, cybersecurity officials say

Drugmakers, medical research groups and healthcare companies and organizations are at risk of “password spraying” attacks by state-sponsored hackers, the officials said in a joint statement.

Drugmakers, medical research and healthcare organizations involved with the response to the Covid-19 pandemic have been victims of state-backed hacking campaigns, cybersecurity bodies in the U.S. and U.K. have warned.

The U.S. Cybersecurity and Infrastructure Security Agency, or CISA, and the U.K.’s National Cyber Security Centre (NCSC) issued a joint statement Tuesday warning of so-called “password spraying” attacks – whereby hackers attempt to gain access to accounts with commonly used passwords – against medical research organizations and healthcare bodies, including pharmaceutical companies, national and international healthcare bodies, research organizations and local governments. The attacks were attributed to “advanced persistent threats,” or APTs, a technical term used to describe hacker groups that are typically operated or sponsored by governments. The APT groups have sought to collect bulk personal information, intellectual property and intelligence that aligns with national priorities, CISA and NCSC said.

The two agencies issued a statement last month that warned of coronavirus-related cyber attacks and said the frequency of such attacks will likely increase in the coming weeks or months.

Reuters reported Tuesday that Chinese and Russian hackers were suspected, citing unnamed American and British officials, though both countries’ governments, along with Iran’s, deny they are behind attacks and say they hare victims as well.

“CISA has prioritized our cybersecurity services to healthcare and private organizations that provide medical support services and supplies in a concerted effort to prevent incidents and enable them to focus on their response to Covid-19,” said Bryan Ware, CISA’s assistant director of cybersecurity, in a statement. “The trusted and continuous cybersecurity collaboration CISA has with NCSC and industry partners plays a critical role in protecting the public and organizations, specifically during this time as healthcare organizations are working at maximum capacity.”

Break-ins at pharmaceutical companies and third-party vendors that work with them, along with healthcare organizations in general, are nothing new, particularly given the amount of valuable proprietary information they can hold. According to a report by cybersecurity services firm FireEye, the healthcare and pharmaceutical industry will likely continue facing hacking threats due to potentially valuable access to research and manufacturing data and other sensitive data like personally identifiable information. In particular, technological and medical innovation will likely spur APT groups looking to obtain proprietary information to benefit state-owned and local companies, while electronic health records and medical devices with internet connectivity will make systems more vulnerable.

Last May, Wilmington, Massachusetts-based contract research organization Charles River Labs became the victim of a “highly sophisticated, well-resourced intruder” that broke into its computer systems and copied the data, constituting about 1% of the total number of organizations contracted with the company. In an interview, a FireEye expert said Chinese espionage groups are a frequent culprit in hacking incidents involving drug companies and CROs, though transnational criminal hacker groups can be just as sophisticated as their government-sponsored counterparts.

Photo: HYWARDS, Getty Images