The recent ransomware attack on the Japanese pharmaceutical company, Eisai, underlines the growing cybersecurity threats facing the pharmaceutical industry. On June 3, Eisai fell victim to a ransomware incident that encrypted some of its servers, disrupting several systems, including logistics, while leaving corporate websites and email systems operational1. The incident highlights the importance of robust cybersecurity measures and the potential consequences of a successful cyber-attack.
Pharmaceutical companies, with their significant financial resources and invaluable intellectual property, are attractive targets for cybercriminals. These organizations play a critical role in society; hence, any disruption to their operations can have far-reaching impacts. As James McQuiggan, a security awareness advocate at KnowBe4, pointed out, “Cybercriminals will continue to target pharmaceutical companies for financial gain as their deliverables are critical to society”1.
However, the attacks aren’t solely financially motivated. The disclosure of successful infiltration by cybercriminal groups can also raise questions about whether the incident was initiated by an insider or a nation-state aiming to steal data or inflict substantial disruption on the targeted organization1. This underscores the complexity of the threat landscape and the need for comprehensive cybersecurity strategies that address both internal and external threats.
One key aspect of a robust cybersecurity strategy is a well-defined incident response program. No organization wishes to have a ransomware incident occur within its infrastructure. However, when it does, having a robust security incident response program with dedicated teams who fully understand their roles and responsibilities can ensure a quick return to operations1. This was exemplified by Eisai’s swift response to the ransomware attack. The company quickly established a company-wide task force, sought guidance from external experts, and engaged law enforcement in the matter1.
Yet, the incident response is only one part of the broader cybersecurity strategy. Preventive measures are equally important. These include regular security audits, employee training programs, robust access controls, network segmentation, and the use of up-to-date security software. Furthermore, organizations need to adopt a risk-based approach to cybersecurity, identifying their most valuable assets and potential vulnerabilities, and allocating resources accordingly.
While it’s crucial to secure the organization’s infrastructure, safeguarding healthcare providers’ data is another pressing concern. Pharmaceutical companies handle sensitive data, making them a prime target for cybercriminals looking to steal and misuse this information. As Michelle Teuscher, the life sciences industry principal at Treasure Data, has pointed out, there’s much to learn about safeguarding healthcare providers’ data1.
In conclusion, the ransomware attack on Eisai underscores the urgent need for robust cybersecurity measures in the pharmaceutical industry. Given the high stakes involved – from the potential disruption of critical healthcare services to the potential for financial and reputational damage – it’s clear that a proactive and comprehensive approach to cybersecurity is not just beneficial, but essential. By learning from incidents like these and continually refining their cybersecurity strategies, pharmaceutical companies can better protect themselves and the vital services they provide.