Cyber Attacks: Why Biotech, Life Sciences & Healthcare organisations fall victim to cybercrime & what you can do about it

Iby Boztepe

Our industry is under attack – there is no doubt about it! The news of yet another organization falling victim to cybercrime has become a daily occurrence. As long as there is a promise of financial gain, the cybercriminals will keep on trying and their methods will keep on evolving. So why is our industry such a soft and lucrative target? The answer is simple. We generate, store and consume sensitive information as part of doing business.

That sensitive information ranges from patient medical and emergency records, to automated data capture within clinical processes, to research and development activity retained and shared across laboratories and partner supply chains. In addition, more and more medical devices that perform complex functions, diagnoses, therapies and outputs are being placed within a connected IT network.

Whilst all industries have cyber security challenges, the Biotech, Life-Sciences and Healthcare sectors face a number of unique ones. Networks are increasingly interconnected across many related parties: from Biotech to CROs/CDMOs to various GxP partners, from clinics to hospitals, from mobile workforces to suppliers, and from research institutes and university environments to the private sector. These organizations typically extend network access privileges to large numbers of staff who use a variety of mobile devices remotely, which greatly increases the industry's exposure to breaches through lost or stolen devices or malicious access activity.

Collaboration is the way we do business. Sharing information is crucial to our progress, yet it presents one of the most common attack vectors. A further challenge to the industry has been the resistance of users to adopt security measures, out of concern that they impede rapid access to information at critical times. Protecting the privacy of patients, protecting intellectual property and validating the accuracy of the data is becoming more challenging.

Given new security and privacy laws and closer enforcement of regulatory mandates, accompanied with greater non-compliance penalties, Boards and Executive committees are placing greater urgency on their data protection.

Organisations are typically targeted by three types of attackers:

  1. Hacktivists: often motivated by political or social-issue causes.
  2. Cyber criminals: seeking financial or other gain using malware, crypto and a host of increasingly sophisticated tools.
    1. The methods and objectives of malware can range from deploying basic bots for use in denial-of-service campaigns, to more directed objectives such as stealing specific intellectual property.
    2. Successful cyber criminals do not stop at the initial intrusion, regardless of whether it is perpetrated via malware or malware-free attack vectors. Each attack has an ultimate objective, such as theft of data or computing resources, and typically requires multiple steps along the way to reach that objective.
    3. Adversaries are frequently seen using valid account credentials across the attack lifecycle. Credentials are typically obtained via successful phishing, brute force or credential dumping.
  3. Nation states: cyber warfare, overt and covert, and also by way of collaboration with criminal actors.

To overcome such attackers Biotech, Life-Sciences and Healthcare organisations should take a number of actions:

  • Identify and secure critical data
  • Encrypt data
  • Minimize access to critical data to authorized users
  • Perform detailed logging and alerting
  • Use token-based, two-factor or Multi-factor authentication for remote access
  • Segment the network
  • Limit the attacker’s ability to move through the network
  • Use application whitelisting
  • Protect privileged accounts with unique passwords using a password vault
  • Proactively hunt for evidence of compromise
  • Have an incident response plan in place and one that is tested
  • Engage a ‘Managed Security Services Partner’ for advice, Audit and Risk management
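The article notes above that adversaries obtain valid credentials through phishing, brute force or credential dumping, and the list recommends detailed logging and alerting together with proactive hunting for evidence of compromise. The following is an added example, not code from the article or from Exigence, of what the alerting side of that can look like in practice: a small detector that reads authentication log lines, keeps a sliding window of failed logins per source address, and raises a medium-severity alert on a burst of failures and a high-severity alert when a success follows such a burst (the pattern that indicates a guessed password rather than a merely noisy attacker). The log lines, the log format, the five-minute window and the threshold of five failures are all constructed assumptions for illustration; a real deployment would tune them to its own environment.

```python
"""Credential brute-force detector over authentication logs.

Added example, not part of the original article. The log format is modelled
loosely on OpenSSH's sshd messages; the sample lines, window and threshold
below are constructed assumptions, not real data or recommended values.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (documentation-range IPs, no real hosts).
SAMPLE_LOG = """\
2024-03-01T09:00:01 sshd: Failed password for admin from 203.0.113.7
2024-03-01T09:00:03 sshd: Failed password for admin from 203.0.113.7
2024-03-01T09:00:05 sshd: Failed password for root from 203.0.113.7
2024-03-01T09:00:08 sshd: Failed password for admin from 203.0.113.7
2024-03-01T09:00:10 sshd: Failed password for admin from 203.0.113.7
2024-03-01T09:00:12 sshd: Accepted password for admin from 203.0.113.7
2024-03-01T09:15:00 sshd: Failed password for jsmith from 198.51.100.4
2024-03-01T09:20:00 sshd: Accepted password for jsmith from 198.51.100.4
"""

# One regex for the assumed line layout: timestamp, result, user, source IP.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines we don't model."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "result": m["result"],
        "user": m["user"],
        "src": m["src"],
    }


def detect(log_text, window=timedelta(minutes=5), threshold=5):
    """Return a list of alert dicts found in log_text.

    For each source IP we keep a deque of failure timestamps inside the
    sliding window. Reaching `threshold` failures raises one medium alert
    per source; an Accepted login while the window still holds a burst
    raises a high alert, since valid credentials were obtained by guessing.
    """
    failures = defaultdict(deque)   # src -> timestamps of recent failures
    already_alerted = set()         # sources that got a medium alert
    alerts = []

    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        recent = failures[ev["src"]]
        # Expire failures that fell out of the window before this event.
        while recent and ev["ts"] - recent[0] > window:
            recent.popleft()

        if ev["result"] == "Failed":
            recent.append(ev["ts"])
            if len(recent) >= threshold and ev["src"] not in already_alerted:
                already_alerted.add(ev["src"])
                alerts.append({
                    "severity": "medium",
                    "type": "brute_force",
                    "src": ev["src"],
                    "failures": len(recent),
                    "ts": ev["ts"],
                })
        elif len(recent) >= threshold:
            # A success right after a burst of failures is the case worth
            # paging on: the attacker now holds a working credential.
            alerts.append({
                "severity": "high",
                "type": "success_after_brute_force",
                "src": ev["src"],
                "user": ev["user"],
                "failures": len(recent),
                "ts": ev["ts"],
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Running the block on the constructed sample produces two alerts for 203.0.113.7 (a medium one at the fifth failure and a high one when the admin login succeeds) and none for 198.51.100.4, whose single failure followed by a success is ordinary user behaviour. The per-source deque keeps memory bounded to the window, which matters when the same logic is pointed at a large log volume.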

By following these best practices, paying attention to the latest threat intelligence for the industry, investing in the latest security technologies and partnering with a proven industry managed security services partner, our industry can go a long way towards protecting its critical information assets.

What’s Ahead for our sector?

If the previous year has been any indication, our sector is vulnerable to more attacks. The increased connectivity of devices, together with a greater volume of digitized data and records, puts organizations at greater risk.

We also need to ask more questions of the cloud service providers: “Are your services secure? Is your backup adequate? What do you do to mitigate the risks?”

It is a common misconception that cloud providers are responsible for protecting your privacy and intellectual property. In fact, the opposite is true. Regardless of whether you are using legacy (on-prem) or cloud services, your organization is responsible for the information that’s being created, stored, accessed and distributed. Can your cloud provider furnish you with a SOC report?

The good news is that our industry is more aware of these escalating threats. Board and Executive members have agenda action items to understand the threat vectors and what may be done about it. Many organizations have the opportunity to implement appropriate security solutions more affordably than what may have been hoped for in the past.

By asking some basic questions, an appropriate remediation plan can be considered, such as:

“What’s going on in our network now; How can we gain full visibility; How do we best position our ‘cloud’ or ‘on premises’ set-up to protect and scale our organization whilst being compliant to regulatory mandates…”

Cyber threats are virtually (pardon the pun) impossible to prevent. But you can put yourselves in a position where your organization can detect, prevent, analyze and respond to attacks fast enough to prevent the most serious of breaches.

  1. Restrict administrator privileges.
  2. Ensure patching of devices is up to date.
  3. Ensure back-up and disaster recovery processes are in place and tested.
  4. Secure end-point devices and sandbox as appropriate.
  5. Protect your network at the DNS (Domain Name System) level.

By following best practices, investing in the latest tools, and partnering with a proven industry managed IT and IT security services partner, our industry can go a long way toward protecting its critical information assets.

Contact Exigence to discuss how our specialist services can help your organisation