In relation to the news that North Korean hackers have targeted at least six pharmaceutical companies in the U.S, the U.K., and South Korea working on Covid-19 treatments, including UK-based healthcare company Astra Zeneca, please find commentary from Industry leader.
It was recently reported that North Korean hackers targeted at least six pharmaceutical companies working on COVID-19 vaccines, including Astra Zeneca in the United Kingdom. Given the ongoing health crisis, pharmaceutical companies carry outsized importance in our society today — their cybersecurity is an international imperative.
This is a deeply concerning threat, and similar to the NotPetya attacks of 2017, this should serve as a wake-up call. Though North Korea is a high-profile nation-state attacker, the fact is healthcare and pharmaceutical industries remain uniquely vulnerable to bad actors of all kinds and must work to continually bolster their security. Pharmaceutical companies have extensive intellectual property around drug development efforts and extensive supply chains and technology infrastructure that rely on third parties to bring their products to market.
The ironic, perhaps even frustrating, advice is — the “secret” to better security is about executing on the simple fundamentals. Maintain IT hygiene, ensure device compliance, make sure you have visibility into all assets and devices in-house and reported by third parties, deploy patches at scale, educate employees about tactics like spear-phishing, and conduct oversight of your third-party IT service providers.