Skip navigation

Are You a Target? Weighing Cybersecurity Risk Factors in Life Sciences & Healthcare

Richard Golob

VP, Global Head of Life Sciences, EPAM
Blog
  • Life Sciences & Healthcare

Cyberattacks are More Common in Life Sciences & Healthcare

Data breaches and other types of modern, large-scale cyberattacks have been making headlines for more than a decade, but recently, it seems like organizations in the life sciences and healthcare industry have been taking on more than their fair share. As it turns out, it doesn’t just seem that way – it’s actually happening according to Verizon’s 2017 Data Breach Investigations Report, which states that 15% of these attacks hit healthcare organizations.

We don’t have to go very far back in time for a good example of one of these attacks on a healthcare or pharma organization. On June 27, 2017, Merck, one of the largest pharma companies in the world, and 2,000 other companies were hit with ransomware called Petya that infected employees’ computers across 65 countries and left a ransomware note demanding a bitcoin payment to decrypt their infected files. Weeks later, the pharma giant is still trying to get their infrastructure back on track.

So, before a company like Merck – or any company for that matter – can determine a plan of action to prevent the next cyberattack, it must consider why the attack happened in the first place. With that in mind, let’s explore a few narratives that could come into play in the process of becoming a cyberattack target.

Four Narratives that Could Explain Why
  1. A decade ago, cybersecurity was all about securing the perimeter to ensure that corporate IT systems were closed to outsiders. In the past five years, however, working remotely has become more and more ubiquitous with a high percentage of employees working outside of the perimeter, accessing sensitive data through the cloud and unsecured systems, and often doing it all via a mobile device. As a result, the entire enterprise has become fundamentally more vulnerable, making it difficult to determine where the perimeter ends and the outside world begins.
  2. Healthcare and life sciences companies have long been slow to innovate when it comes to digital, and this hasn’t been helped by the fact that technology is not their core business proposition. In fact, as other industries have had to adopt new business models to grow their revenues, which typically resulted in disproportionate investment into technology, healthcare and life sciences have stayed a little behind the digitization curve.
  3. For many organizations, being slow to innovate is not by choice. Instead, it’s often for compliance reasons, like in a scenario where a business has to choose between meeting the latest regulatory standard and rolling out a new technology. In this case, the company may stay in business without the new software component, but not without meeting the regulatory standard. Indeed, compliance has long been a burden to the CIO agenda.
  4. Finally, considering the above narrative about the ever-expanding perimeter and how the June cyberattack on Merck affected so many employees, it’s worth noting that the companies making headlines for data breaches aren’t small or even medium-sized. Instead, hackers go after the biggest and, by extension, most profitable targets – companies with the highest numbers of employees, locations, and potential entry points.
How to Plan for What’s Next

Considering the size and scope of the data breach against Merck, it’s hard not to start posing what-if questions. What if they had implemented better or more security controls sooner? What if they had run a mixture of Windows and iOS to stave off Windows-attacking viruses like WannaCry and Petya? What if they had identified the virus before it made its way across the entire enterprise?

There will always be what-ifs, but with so many possible access points for a data breach, it’s nearly impossible to ever be 100% uncompromised, especially when you’re a huge company trying to balance growth and revenue with compliance and security.

It’s not easy, but it is absolutely worth your time to not only determine a plan to improve your cybersecurity, but also create a plan for how to respond if your company falls victim to a cyberattack. The best way to get started is to assume you’re already compromised, or that you’ll be compromised tomorrow at the latest, and then find a partner who can help you. The faster you make cybersecurity a priority, the better off you’ll be.

Hello. How Can We Help You?


Our Offices

  • Canada

    • Ottawa

      343 Preston Street,
      ON K1S 1N4, Ottawa
      Canada

      Map
    • Toronto

      5 Park Home Avenue,
      Suite 400,
      ON M2N 6L4, North York,
      Toronto
      Canada

      Map
      F: +1-416-595-1551
  • Mexico

    • Guadalajara

      Periférico Sur #8110,
      Col. El Mante
      45609 Tlaquepaque, Jalisco
      Mexico

      Map
  • United States

    • Newtown, PA

      41 University Drive,
      Suite 202,
      Newtown, PA 18940
      USA

      Map
      F: +1-267-759-8989
    • Bellevue, WA

      110 110th Ave. NE,
      Suite 310
      Bellevue, WA 98004
      USA

      Map
    • Boston, MA

      21 Drydock Avenue,
      Suite 410 W,
      Boston, MA 02210
      USA

      Map
    • Conshohocken, PA

      101 East 8th Ave,
      Suite 201,
      Conshohocken, PA 19428
      USA

      Map
    • Los Angeles, CA

      11601 Wilshire Blvd,
      Suite 350,
      Los Angeles, CA 90025
      USA

      Map
    • New York, NY

      24 West 25th Street,
      5th Floor,
      New York, NY 10010
      USA

      Map
      F: +1-267-759-8989
    • Philadelphia, PA

      30 South 15th Street,
      9th Floor,
      Philadelphia, PA 19102
      USA

      Map
    • San Francisco, CA

      222 Kearny Street,
      Suite 308,
      San Francisco, CA 94108
      USA

      Map
    • San Jose, CA

      2055 Gateway Place,
      Suite 510,
      San Jose, CA 95110
      USA

      Map
    • Washington D.C.

      7901 Jones Branch Drive,
      Suite 400,
      McLean, VA 22102
      USA

      Map
  • Australia

  • China

    • Guangzhou

      Unit B01, 23/F,
      Yuexiuxinduhui Building,
      No. 236, 6th Zhongshan Road,
      Yuexiu District, Guangzhou,
      China 510180

      Map
    • 广州

      中国广州市越秀区
      中山六路236号
      越秀新都会大厦中座 23楼 B01室
      邮编510180

      地图
    • Shanghai

      Room B509, 5th Floor,
      48 Weihai Road,
      Huangpu District, Shanghai,
      China 200000

      Map
    • 上海

      上海市黄浦区
      威海路48号
      5楼B509室
      邮编200000

      地图
    • Shenzhen

      3/F, Block 5, Vision Shenzhen Business Park,
      9th Gaoxin South Road, 
      Shenzhen Hi-tech Industrial Park,
      Nanshan District, Shenzhen,
      Guangdong, China 518057

      Map
    • 深圳

      中国广东省深圳市
      南山区高新南九道
      威新软件园5号楼3楼
      邮编518057

      地图
    • Suzhou

      Building 12, Creative Industrial Park,
      328 Xinghu Street,
      Suzhou Industrial Park,
      Suzhou, China 215123

      Map
    • 苏州

      中国江苏省苏州市
      苏州工业园区星湖街328号
      创意产业园内12号楼
      邮编215123

      地图
  • Hong Kong

    • Hong Kong

      26F&17F, The Wellington Tower,
      198 Wellington Street,
      Central, HK

      Map
  • India

    • Bangalore

      Smartworks,  
      Global Technology Park,
      Block C, Outer Ring Rd,
      Adarsh Palm Retreat, Bellandur,
      Bengaluru, Karnataka 560103
      India

      Map
    • Hyderabad

      10, 11 & 12th Floors,
      Salarpuria Sattva Knowledge City,
      Plot No. 2, Phase - 1,
      Survey No. 83/1,
      Raidurgam Village,
      Serilingampally Mandal,
      Hyderabad, Telangana - 500081
      India

      Map
    • Pune

      SmartWork Business Center Pvt Ltd,
      Suite 8, Level 1,
      West Wing, Nyati Unitree,
      Samrat Ashok Road,
      Yerwada, Pune - 411006,
      Maharashtra
      India

      Map
  • Japan

    • Tokyo

      Floor 1-10-11
      Shibadaimon Centre Building 10th
      Shibadaimon Minato-ku
      Tokyo 105-0012
      Japan

      Map
      F: +81-03-6880-9201
  • Singapore

    • Singapore

      5 Shenton Way
      UIC Building, #10-01,
      Singapore (068808)

      Map
  • United Arab Emirates

    • Dubai

      EPAM Systems FZ-LLC Dubai Branch
      2307 Arenco Tower, Dubai Media City
      PO Box 501929 Dubai
      United Arab Emirates

      Map