Drug Discovery and Development

  • Home Drug Discovery and Development
  • Drug Discovery
  • Women in Pharma and Biotech
  • Oncology
  • Neurological Disease
  • Infectious Disease
  • Resources
    • Video features
    • Podcast
    • Voices
    • Views
    • Webinars
  • Pharma 50
    • 2025 Pharma 50
    • 2024 Pharma 50
    • 2023 Pharma 50
    • 2022 Pharma 50
    • 2021 Pharma 50
  • Advertise
  • SUBSCRIBE

Why cyberattacks targeting pharma are ramping up

The CEO of the cybersecurity firm Cyberhaven sheds light on the evolving threat landscape in pharma and biotech.

By Brian Buntz | August 10, 2021

CyberhavenCyberattacks targeting the pharma industry have ramped up during the pandemic, and insider threats and nation-state attacks are also on the rise. Meanwhile, the average cost of a pharma breach in 2021 is $5.04 million, according to the IBM-sponsored Ponemon Institute’s Cost of a Data Breach Report. For context, an average data breach incurs damages of $4.24 million.

Pharmaceutical companies are beginning to allocate more resources to cybersecurity, according to Howard Ting, CEO of data detection and response business Cyberhaven (Palo Alto, Calif.).

Pharma companies’ data is increasingly decentralized

The traditional model for protecting sensitive data was to create the networking equivalent to a castle and moat. But in the pharmaceutical industry and elsewhere, sensitive data can no longer be stored under lock and key. Pharmaceutical companies’ data must “move and be shared,” Ting said. For example, a contract manufacturer might need access to sensitive data. Or external researchers might need to share sensitive data with drug companies.

Decentralized clinical and hybrid trials also contribute to the complexity while the considerable amount of M&A activity in the industry provides another avenue for data leaks.

“This data is constantly moving, and you have lots of users accessing this data, but there’s no good way for these organizations to identify the sensitive data and then protect it,” Ting added.

Insider threats aren’t always what you might suspect

The classic insider threat involves an employee who is either disgruntled or planning to leave your firm for a competitor. Before they go, they store sensitive information on a USB stick via a file-sharing application.

Howard Ting

Howard Ting

But insider threats can involve attackers with a degree of separation from the employee. The attacker could be a “family member or a former colleague who is able to manipulate this insider to do something that would expose the company to some risk,” Ting said. Such an employee might create an attack vector without malicious intent.

In some cases, nation-states or criminal organizations could be involved in the social engineering of an unwitting employee.

“There’s much more variety in terms of the types of risks and threats we’re facing,” Ting said.

While truly malicious insider threats are worth keeping in mind, they represent a subset of all insider threats. Ting estimates that perhaps less than 1% of insider threats are genuinely malicious. In the remainder of the cases, sloppiness or failing to follow security policies is the real risk.

Some security teams attempt to reduce that risk by adding friction to employees’ workflow, constraining how they approach everyday tasks to ensure employees follow security protocols. But reducing risk doesn’t necessarily need to involve such friction, Ting said. “We shouldn’t think of users as a threat. We should focus on preventing risky behaviors,” he explained.

Ransomware attacks are evolving

For years, the damage from ransomware has steadily increased. Cybersecurity Ventures (Sausalito, Calif.) predicts ransomware will have an economic toll of $265 billion by 2031.

In terms of ransomware targeting pharmaceutical companies, cybercriminals have explored a range of tactics. “We’ve seen cases where [attackers] access clinical trial data or research data about a product that’s in development,” Ting said.

In broad terms, ransomware has evolved. A few years ago, ransomware attacks typically involved the encryption of sensitive data coupled with an offer of a decryption key for a fee. Now, attackers are exploring other avenues of monetizing data involved in ransomware attacks. Ransomware attackers might, for example, exfiltrate sensitive data and threaten to post it online or share it with a competitor unless they receive a payment. Such an attack increases the odds that the hackers will receive a payment even if the company has backup copies of the data.

Protecting pharma data can be tricky with off-the-shelf software

While the cybersecurity landscape has grown more crowded, relatively few vendors cater to the particular needs of pharma and biotech. “It’s because they have so much IP that’s hard to identify,” Ting said. By contrast, a small bank might have relatively straightforward needs to ensure compliance with cybersecurity regulations and protect personal identifiable information (PII). But things tend to be more complicated for pharma companies, which might have trouble identifying intellectual property with off-the-shelf text-based content matching tools.

Protecting data requires understanding context

It is difficult to protect sensitive digital data without understanding the flow of information — also known as “data lineage.” “We advocate for really understanding the data and how it moves,” Ting said. That involves mapping the flow of data to determine its source, where it goes, who touches it, how it is shared and the types of apps and systems that access it.

“One of the biggest problems organizations face is how their data sprawls,” Ting said. A well-meaning engineer or data scientist might, for instance, download a copy of clinical trial data because they’re training a machine learning model. They then could leave that data on their computer or load it into a file-sharing application to share with other scientists.

Such practices contribute to data sprawl with, often, limited visibility.

To counter the problem, Ting advocates an approach he calls “data detection response,” which involves “observing the movement of data and then using analytics to determine where you have risk and exposure.”

In the aftermath of COVID-19, there is a growing appreciation for the cybersecurity threats accompanying decentralized data flows. “I think everyone’s waking up to the fact that they don’t know where their data is, and they don’t know where it goes,” Ting said.


Filed Under: clinical trials, Drug Discovery
Tagged With: clinical trials, Cyberhaven, Cybersecurity, data, data science, insider threat, M&A, ransomware
 

About The Author

Brian Buntz

As the pharma and biotech editor at WTWH Media, Brian has almost two decades of experience in B2B media, with a focus on healthcare and technology. While he has long maintained a keen interest in AI, more recently Brian has made making data analysis a central focus, and is exploring tools ranging from NLP and clustering to predictive analytics.

Throughout his 18-year tenure, Brian has covered an array of life science topics, including clinical trials, medical devices, and drug discovery and development. Prior to WTWH, he held the title of content director at Informa, where he focused on topics such as connected devices, cybersecurity, AI and Industry 4.0. A dedicated decade at UBM saw Brian providing in-depth coverage of the medical device sector. Engage with Brian on LinkedIn or drop him an email at bbuntz@wtwhmedia.com.

Related Articles Read More >

Sai Life Sciences exec: GLP-1 boom has ‘exploded the peptide field’ as firm opens new center
Novartis in the Pharma 50
Swissmedic approves first malaria treatment for infants
Korean team reports all-in-one cancer nanomedicine in pre-clinical studies
Nektar’s Phase 2b atopic dermatitis win triggers 1,746% analyst target surge, but legal tussle with ex-partner Lilly could complicate path forward
“ddd
EXPAND YOUR KNOWLEDGE AND STAY CONNECTED
Get the latest news and trends happening now in the drug discovery and development industry.

MEDTECH 100 INDEX

Medtech 100 logo
Market Summary > Current Price
The MedTech 100 is a financial index calculated using the BIG100 companies covered in Medical Design and Outsourcing.
Drug Discovery and Development
  • MassDevice
  • DeviceTalks
  • Medtech100 Index
  • Medical Design Sourcing
  • Medical Design & Outsourcing
  • Medical Tubing + Extrusion
  • Subscribe to our E-Newsletter
  • Contact Us
  • About Us
  • R&D World
  • Drug Delivery Business News
  • Pharmaceutical Processing World

Copyright © 2025 WTWH Media LLC. All Rights Reserved. The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media
Privacy Policy | Advertising | About Us

Search Drug Discovery & Development

  • Home Drug Discovery and Development
  • Drug Discovery
  • Women in Pharma and Biotech
  • Oncology
  • Neurological Disease
  • Infectious Disease
  • Resources
    • Video features
    • Podcast
    • Voices
    • Views
    • Webinars
  • Pharma 50
    • 2025 Pharma 50
    • 2024 Pharma 50
    • 2023 Pharma 50
    • 2022 Pharma 50
    • 2021 Pharma 50
  • Advertise
  • SUBSCRIBE