Cybersecurity risks to pharmaceutical companies are not simply the result of internal error or accidental actions by hackers, for companies in this sector are being purposefully targeted. For example, a study conducted by Deloitte demonstrates how the pharmaceutical industry is now frequently the number one target of cybercriminals around the world, particularly when it comes to intellectual property theft.
This is, unfortunately, a consequence of pharmaceutical firms gravitating towards increased digitization and also with storing more valuable data online (through cloud servers). Hence companies in the sector have become highly-attractive targets.
Cybersecurity policies
When putting together an effective cybersecurity policy, the key words to consider at each stage are ‘comprehensive, robust, and flexible’. With this the cybersecurity strategy needs to be far more sophisticated than simply erecting a firewall or ensuring that anti-virus software is up-to-date, such as ensuring that current security patches have been downloaded. As with other aspects of pharmaceutical strategy, the cybersecurity approach needs to be holistic. This means being joined-up, so that every part of the business is considered in terms of potential impact (in that a breach in location y could spread to location x, and then bring the entire system down or into a state of lockdown should a ransomware attack happen).
In addition, the cybersecurity strategy needs to be continually proactive in seeking to uncover potential vulnerabilities and addressing them before they can be exploited.
Strategy in the event of an attack
In the event of a cyberattack, the in-place policy will ideally have a road-map in place. This should include mechanisms for contacting customers and regulators, and putting in place temporary manual systems in order to keep as many aspects of patient supply and production running as possible. This will include the use of paper documentation, the use of ‘wet’ signatures to replace e-signatures, additional data verification checks and other similar measures.
