Fortinet, the main cyber threats in the pharmaceutical industry

The highly sensitive information and data that pharmaceutical companies have at their disposal are easily exposed to possible cyberattacks, Now more than ever. Today, hackers have more resources to achieve their goals with criminal intent without too much difficulty. Realities in the pharmaceutical industry must take into account these threats and also possible attacks by nation states or other competing companies.

The rush to launch the Coronavirus vaccine on the market has kicked off, and the risk associated with possible cyber attacks cannot be overlooked, which are always lurking and lately on the rise.

«In July, the cybersecurity agencies e UK and Canadian authorities have issued joint warning of attacks on Covid-19 vaccine research and development institutes. The concern is that such attacks could cause delays in the delivery of the vaccines themselves, putting the health of millions of human lives at risk »explains Fortinet.

Traditionally, compliance requirements such as HIPAA have been central to cybersecurity strategies in the pharmaceutical industry. However, in 2020, industry executives realized that this approach is no longer enough. Furthermore, the data breach continues and it is imperative to act now.

“The threat landscape is growing: thanks to the integration of the Internet of Things (IoT) and the Industrial Internet of Things (IIoT) through OT / IT convergence, the attack surface has greatly expanded. Additionally, digital innovations are helping to increase the number of attack targets available within the Pharma networks. Among these, cloud migrations, connected medicine and telemedicine, the proliferation of endpoints and the massive spread of remote work ».

Increasing complexity within the network: For years, companies have identified and adopted the security solutions needed to meet specific security or compliance requirements. As a result, most pharmaceutical companies have found themselves having to manage very complex security systems. The resulting criticalities go beyond the security gaps inherent in this approach:

«Distributed Networks and Acquisitions: Growth-by-acquisition strategy can pose additional security challenges, as companies sometimes lack adequate or easily integrated security infrastructures. Such acquisitions must take cybersecurity best practices into account as an integral part of a digital web world already complex in itself “.

“Intellectual property, electronic protected health information (ePHI) and other sensitive operational data are regularly accessed and transferred. Due to their disconnected systems, pharmaceutical companies face visibility challenges, data control, access audits and compliance reporting across all their networks, ”continues Fortinet.

The shortage of cybersecurity professionals worldwide today exceeds 4 million, and the workforce is expected to grow at a rate of 145% annually to meet the demand for qualified personnel. Pharmaceutical companies can and must attract the best talent in the cybersecurity industry, in the near future these figures could become scarce, making it difficult and expensive to fill such positions.

“Pharmaceutical companies are also exposed to threats from within. Harm from internal sources can be difficult to detect as they include a wide variety of behaviors and motivations. It could be a disgruntled employee trying to hinder operations, a staff member trying to make extra money by selling customer data, or a well-meaning colleague who just evades a company policy to save time.

Huawei Health Lab

“The evolution and complexity of regulatory requirements only adds to the difficulty of manually gaining visibility at the network level and applying the required security controls. Also, proving compliance can be time-consuming, especially when networks are made up of disparate point products who do not share reporting capabilities “.

“Pharmaceutical companies focus their security efforts on meeting compliance requirements. But the reality is that most of them struggle to reveal full compliance – and Data integrity is an important new requirement that must be taken into account as digitization progresses».

Furthermore, legacy software and hardware are typical of pharmaceutical manufacturing. Almost always, these devices and operating technology (OT) systems weren’t created with safety in mind.

“As digital innovation and business intelligence profits lead to convergence between OT and IT networks, OT networks are suddenly exposed to threats. These technological advances offer cybercriminals the opportunity to exploit inherited vulnerabilities».

Pharmaceutical companies are exposed to multiple ever-changing cyber threats, including compliance needs, nation-state attacks, and growing network complexity. “Rather than trying to resolve each issue separately, a comprehensive approach to network security would be better. This guarantees automation, visibility and rapid response to threats »concludes Fortinet.

Source: Tom's Hardware by

*The article has been translated based on the content of Tom's Hardware by If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!

*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.

*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!