Blog > Blog

Cybersecurity in the health and pharmaceutical sector, state of play

Among recent hacking victims reported in the media are American pharmaceutical giant ExecuPharm and the French pharmaceutical company Pierre Fabre. In Canada, Toronto's Humber River Hospital in June 2021 and CIUSSS du Centre-Ouest-de-l'Île-de-Montréal in 2020 were also targeted. And these are just a few of the cases to make the headlines.

In a June 2021 study, the US Department of Health and Human Services Cybersecurity Program paints an alarming picture of the situation, reported:

  • 82 healthcare and pharmaceutical organizations were victims of ransomware between January and May 2021. 60% of these ransomware cases impacted the US healthcare sector
  • Avaddon and Conti ransomware were the most aggressive (16 cases each), followed by Sodinoki (7 cases)
  • In 72% of cases, the ransomware exfiltrated data.15% of organizations were unable to confirm whether data was stolen.


Survey says: Ransomware!

HSS also surveyed organizations in the healthcare and pharmaceutical sector, and the results are as follows:

  • 34% of organizations in this sector experienced a security incident in 2020
  • In 65% of the cases, the data was encrypted by the hackers (ransomware)
  • 44% of organizations restored their data from backups
  • 34% of victims paid a ransom
  • 93% of victim organizations recovered their data, but only 69% of encrypted data was restored
  • The average ransom amounts were $131,000

However, and it's a big however, the average bill to fix the situation and recover from the attack - including service interruptions, time of people involved in managing the incident, cost of hardware and software, ransom amount, etc.) was $1.27 million.

Why are Healthcare and Pharma so attractive to hackers?

When hackers conduct a ransomware attack, they primarily target industries where the impact of data encryption can be major. The greater the impact, the more the victims' ability to negotiate decreases, which is ideal for hackers. In some cases, victims will even pay a ransom even if they have backups, as it takes too long to restore from backups.

The other element that makes this sector attractive to hackers is the presence of IP (intellectual property) and confidential information related to research work (new therapeutics, etc.).

It goes without saying that a company whose intellectual property has been exfiltrated will tend to consider paying a ransom, even if they have backups.

Firms involved in COVID-related research are particularly targeted, both by cybercriminal groups and by state actors. According to Mr. David Vigneault, the head of the Canadian intelligence services, there is an increase in cyber attacks from third countries (Russia, China, etc.) targeting Canada. The most targeted sectors are health and biopharmaceuticals.

It should also be noted that supply chains in the pharmaceutical sector are complex, so a breach at an insecure partner can put you at risk.

Finally, the healthcare and pharma sectors aren’t known to be the most secure. Indeed, there are old, unsupported systems (Windows XP, 2008, etc.), often inadequate access control and other security weaknesses. And, with the massive shift to telecommuting due to COVID, many organizations have implemented remote access measures (VPN, RDP, etc.), some of which are not very secure. Hackers know this and will target these areas because it increases the likelihood of success for their attacks.


What do these numbers tell us?

  • The healthcare and pharma sector will continue to be prime targets for hackers. Double extortion techniques (encryption of data and threat to publish the data if the ransom is not paid) will continue as they are paying dividends for hackers.
  • If you have been a victim of ransomware, there is a good chance that your data has been exfiltrated. It’s vital to make sure, as your IP may be at stake
  • Paying a ransom does not ensure that you’ll be able to restore your data. The hackers may disappear, or the decryption may corrupt your data. So create a backup protocol and test it regularly.
  • The ransom amount is derisory compared to the total costs required to recover your systems and return to normal production ($131,000 vs. $1.27M on average).


Is the situation different in Canada?

The short answer is no. Healthcare and pharma companies in Canada have similar risk profiles to those in the US. We’ve seen a significant increase in attacks targeting these sectors in Canada since the massive shift to telecommuting due to COVID-19.


How can Streamscan help you?

Streamscan has nearly a decade’s worth of experience and expertise in cybersecurity for healthcare and pharmaceutical organizations. We manage the daily security of several leading organizations in these sectors, either through our MDR service or our CDS cyber threat detection technology.

Our in-depth knowledge of these sectors has given us insight into the vulnerabilities typically used to hack companies in this sector, allowing us to manage our clients’ security proactively.

We also have access to strategic information on cyber attacks targeting the Canadian healthcare and pharmaceutical sectors and the groups involved through special limited-access government programs. This allows us to remain constantly vigilant, adapt our CDS technology to these realities, and apply the required measures on an ongoing basis to keep our partners safe.



Need Help? StreamScan is Here.


Whether you need help conducting a security audit, developing a security plan, or implementing a Managed Detection and Response solution, StreamScan has experts with years of experience in the manufacturing sector who can help. Get in touch with us at smbsecurity@streamscan.ai or call us at 1 877-208-9040.