The number of attempted cyberattacks on the pharma sector has surged in 2020, but it may be too soon to assess their damage.
Evidence of the uptick can be found in attempts by cybercriminals with ties to Iran, China and Russia to break into the networks of top pharma companies and the World Health Organisation.
Earlier this month, cybercriminals obtained data related to the COVID-19 vaccine from Pfizer (NYSE:PFE) and BioNTech (NSDQ:BNTX) after breaching the European Medicines Agency. The attacker obtained documents related to the regulatory submission for the BNT162b2 vaccine, according to a statement from BioNTech.
Recently, cybercriminals with likely ties to North Korea launched a phishing campaign against AstraZeneca (LON:AZN) to gain access to the company’s internal servers. According to the Wall Street Journal, hackers affiliated with North Korea have attempted to steal COVID-19 vaccine data from Johnson & Johnson (NYSE:JNJ) and Novavax (NSDQ:NVAX). Also reportedly on hackers’ hit list are the South Korean vaccine developers Genexine Inc., Shin Poong Pharmaceutical Co. (KRX: 019170) and Celltrion (KRX: 068270).
That fact reflects a broader trend. In 2020, there has been a considerable increase in the number of cyberattacks. In particular, there has been a surge in phishing and ransomware from cybercriminals looking to exploit the pandemic. “From our own statistics, we’re seeing a 20% increase in web application attacks,” said Terry Ray, SVP at the cybersecurity company Imperva.
Web applications are widely used in the pharmaceutical industry for the simple reason that they facilitate collaboration and information sharing, Ray said.
While some reports suggest that the number of successful breaches has decreased as attacks have increased, “that doesn’t make sense to me,” Ray said. In reality, it may simply be too soon to assess their impact.
Security teams in the pharmaceutical, healthcare and manufacturing sectors have been forced to divert from standard practices. “This year, half of their focus has been on how to make their workforce more remote,” Ray said. As a result, there is less time for threat research, incident response and incident analysis.
“We know that most companies don’t actually identify their own breach,” Ray said. “Somebody else tells them.”
While nation-state-backed actors are targeting pharmaceutical companies to obtain vaccine data and information, they are in the minority. Nearly half (48%) of breaches in the broader healthcare sector have been from internal threat actors, according to the 2020 Data Breach Investigations Report from Verizon.
No matter the source of a breach, assessing the impact of a single breach can take months. In general, the average time to detect and contain a breach in 2020 was 280 days, according to IBM.
Ray suspects the number will increase because “you have fewer people looking at more things and trying to make sense of them,” he said. “For sure there are nation-state attacks that are going against [pharmaceutical companies] to try and get IP, but I think there are also people who are being opportunistic, saying, ‘I’m out of a job. I might as well be hacking.’”