ExecuPharm focuses on clinical monitoring, medical monitoring, site contracts and vendor sight. The data impacted includes social security numbers, financial information, driver’s licenses and passport numbers, and other sensitive data may have been compromised, according to TechCrunch. The ransomware group behind the attack published the data they stole from ExecuPharm’s servers to a dark web site associated with the CLOP ransomware group. Such richness of data is one of the reasons why healthcare and pharmaceutical organizations are one of the top targets for cyberattacks.
Commenting on the attack for Digital Journal, Anurag Kahol, CTO, Bitglass begins by looking at the nature of this type of attack and what it entails: “Encrypting a victim’s files and exfiltrating the data to publish if the ransom isn’t paid is a growing tactic among ransomware groups, making it more critical for companies to have adequate security tools and controls in place to protect their data.”
With this specific incident, Kahol looks at the type of type that is at risk of being exploited by the malicious actors: “ExecuPharm confirmed that Social Security numbers, financial information, drivers’ licenses and passport numbers may have been accessed by bad actors, which are all highly valuable pieces of information on the dark web.”
This carries a number of implications for the company: “The exposure of this sensitive data puts the impacted individuals at risk for identity theft and financial fraud for years to come. Consequently, the pharma giant may face costly penalties for violating compliance regulations such as CCPA.”
In terms of taking robust preventative action, Kahol recommends: “To prevent future ransomware attacks and safeguard highly sensitive information, organizations must have full visibility and control over their data.” Central to this is the use of more than one security system and effective personnel awareness of cybersecurity issues coupled by effective training.