3 cyber threats impacting the biotech, pharmaceutical and healthcare industries

In the last 2 years, cyber attacks on the biotech and pharmaceutical industry have increased by 50% according to cyber threat intelligence company, BlueVoyant. This follows an attack earlier on this year on the Irish national healthcare system, the Health Service Executive suffered a significant ransomware attack that led to all of the companies IT systems being shut down.


The healthcare and pharmaceutical care industries have access to some of the most critical confidential data that exists, this coupled with the general data protection at (GDPR) highlights the sector’s need for effective cyber security procedures.


These industries are not alone in undergoing a rapid digital transformation, this can be seen across many other industries as businesses turn to the online world to run their business. However, as the data processed by the healthcare and pharmaceutical care industries is so valuable, they are more prominent targets for cyber-attacks.


The data that cyber criminals are interested in includes personal information including dates of birth, home addresses and email addresses. If stolen, these can be used to commit identity theft via Phishing emails and messages.


To help businesses in the healthcare and pharmaceutical care industries, we have provided a list of the top 3 cyber threats currently facing them and how they can be mitigated:


Third-party vendors: A third party vendor is a company or entity that provide a product or service to your business or on behalf of your business. According to the Ponemon Institute, 60% of UK companies have experienced a data breach caused by a vendor or third party.

How can I protect my business from third-party vendor related cyber-attacks?

o Make sure that your business is as cyber resilient as possible. Joining the SECRC and achieving Cyber Essentials is a great first step if you are not sure about how to start.

o Know who your suppliers are and ask them about their security. Look for businesses who have a cyber resilience accreditation, such as Cyber Essentials.

o Ensure that your suppliers only have the access that they require. Assume that your supplier will get compromised, what is your plan when this happens?

o Review what damage could be done if your suppliers are compromised. Is there any way to reduce the impact? Consider running business continuity exercises to test your business’ response.

o Have a monitoring system in place such as shutting down the anti-malware. Do you know how to check if yours is running?

Ransomware: A type of malicious software designed to block access to a computer system until a sum of money is paid. How can I protect my business from a ransomware attack?

o Always back up your data, as restoring your files from a backup is the quickest way to regain access to your data.

o Never click on unverified links, especially when they are from sources or senders that you don’t recognise.

o Regularly scan your emails and systems for malware

o Only download files from trusted sites

o Use a VPN when using public Wi-Fi.

o Do not use unfamiliar USB devices.

Phishing attacks: Phishing is a type of cyber crime whereby cyber criminals attempt to extract sensitive information through email messages, website or phone calls appear to be legitimate.

How can I protect my business from a phishing attack?

o Check the sender’s details before responding.

o Always make contact with trusted details found through a reputable search engine, and avoid clicking on anything sent to you.

o To prevent social media account takeovers, consider turning on 2-factor authentication #2FA, so any new device trying to log in or make account changes needs a second layer of security before access is given.

o Use a VPN when using public Wi-Fi.

o Use an advanced email spam filter.


How can The Cyber Resilience Centre for the South East (SECRC) help my business?