by Richard Golob, VP, Global Head of Life Sciences, EPAM
August 15, 2017
Cyberattacks are More Common in Life Sciences & Healthcare
Data breaches and other types of modern, large-scale cyberattacks have been making headlines for more than a decade, but recently, it seems like organizations in the life sciences and healthcare industry have been taking on more than their fair share. As it turns out, it doesn’t just seem that way – it’s actually happening, according to Verizon’s 2017 Data Breach Investigations Report, which states that 15% of these attacks hit healthcare organizations.
We don’t have to go very far back in time for a good example of one of these attacks on a healthcare or pharma organization. On June 27, 2017, Merck, one of the largest pharma companies in the world, and 2,000 other companies were hit with ransomware called Petya that infected employees’ computers across 65 countries and left a ransom note demanding a bitcoin payment to decrypt their infected files. Weeks later, the pharma giant is still trying to get its infrastructure back on track.
So, before a company like Merck – or any company for that matter – can determine a plan of action to prevent the next cyberattack, it must consider why the attack happened in the first place. With that in mind, let’s explore a few narratives that could come into play in the process of becoming a cyberattack target.
Four Narratives that Could Explain Why
How to Plan for What’s Next
Considering the size and scope of the data breach against Merck, it’s hard not to start posing what-if questions. What if they had implemented better or more security controls sooner? What if they had run a mixture of Windows and iOS to stave off Windows-attacking viruses like WannaCry and Petya? What if they had identified the virus before it made its way across the entire enterprise?
There will always be what-ifs, but with so many possible access points for a data breach, it’s nearly impossible to ever be 100% uncompromised, especially when you’re a huge company trying to balance growth and revenue with compliance and security.
It’s not easy, but it is absolutely worth your time to not only determine a plan to improve your cybersecurity, but also create a plan for how to respond if your company falls victim to a cyberattack. The best way to get started is to assume you’re already compromised, or that you’ll be compromised tomorrow at the latest, and then find a partner who can help you. The faster you make cybersecurity a priority, the better off you’ll be.