3 cyber threats impacting the biotech, pharmaceutical and healthcare industries

In the last 2 years, cyber attacks on the biotech and pharmaceutical industry have increased by 50%, according to cyber threat intelligence company BlueVoyant. This follows an attack earlier this year on the Irish national healthcare system, in which the Health Service Executive suffered a significant ransomware attack that led to all of its IT systems being shut down.


The healthcare and pharmaceutical care industries have access to some of the most critical confidential data that exists. This, coupled with the General Data Protection Regulation (GDPR), highlights the sector’s need for effective cyber security procedures.


These industries are not alone in undergoing a rapid digital transformation; the same can be seen across many other industries as businesses turn to the online world to run their operations. However, as the data processed by the healthcare and pharmaceutical care industries is so valuable, they are more prominent targets for cyber attacks.


The data that cyber criminals are interested in includes personal information such as dates of birth, home addresses and email addresses. If stolen, these can be used to commit identity theft via phishing emails and messages.


To help businesses in the healthcare and pharmaceutical care industries, we have provided a list of the top 3 cyber threats currently facing them and how they can be mitigated:


Third-party vendors: A third-party vendor is a company or entity that provides a product or service to your business or on behalf of your business. According to the Ponemon Institute, 60% of UK companies have experienced a data breach caused by a vendor or third party.

How can I protect my business from third-party vendor related cyber-attacks?

o Make sure that your business is as cyber resilient as possible. Joining the SECRC and achieving Cyber Essentials is a great first step if you are not sure about how to start.

o Know who your suppliers are and ask them about their security. Look for businesses who have a cyber resilience accreditation, such as Cyber Essentials.

o Ensure that your suppliers only have the access that they require. Assume that your supplier will get compromised. What is your plan when this happens?

o Review what damage could be done if your suppliers are compromised. Is there any way to reduce the impact? Consider running business continuity exercises to test your business’ response.

o Have a monitoring system in place to alert you to events such as the anti-malware being shut down. Do you know how to check if yours is running?

Ransomware: A type of malicious software designed to block access to a computer system until a sum of money is paid.

How can I protect my business from a ransomware attack?

o Always back up your data, as restoring your files from a backup is the quickest way to regain access to your data.

o Never click on unverified links, especially when they are from sources or senders that you don’t recognise.

o Regularly scan your emails and systems for malware.

o Only download files from trusted sites.

o Use a VPN when using public Wi-Fi.

o Do not use unfamiliar USB devices.

Phishing attacks: Phishing is a type of cyber crime whereby cyber criminals attempt to extract sensitive information through email messages, websites or phone calls that appear to be legitimate.

How can I protect my business from a phishing attack?

o Check the sender’s details before responding.

o Always make contact using trusted details found through a reputable search engine, and avoid clicking on anything sent to you.

o To prevent social media account takeovers, consider turning on 2-factor authentication (2FA), so that any new device trying to log in or make account changes needs a second layer of security before access is given.

o Use a VPN when using public Wi-Fi.

o Use an advanced email spam filter.


How can The Cyber Resilience Centre for the South East (SECRC) help my business?

When it comes to cyber criminals, there’s nothing small about small businesses. If you’re open for business online, you could be open to cyber attacks. Let us help your business stay ahead of cyber criminals via our FREE core membership.


Our free core membership includes the following:

o Guidance and tips to help you tackle local cyber threats

o Early bird invites to our webinars

o Free and easy to follow cyber security exercises and toolkits for you to run with your employees

o Access to affordable and professional cyber security services including a service that can test how strong your website is against the most common cyber attacks.

o Plus a whole host of other benefits!


Find out more via www.secrc.co.uk/membership.
