Attacks go viral across vaccine supply chain

The European Medicines Agency, responsible for authorising the use of vaccines within the EU, has been the victim of a cyberattack, it reports.
This comes hard on the heels of a string of attacks within COVID-19 supply chains globally and the US healthcare sector. The agency has launched an investigation.

"It's disappointing to hear about the European Medicines Agency being targeted by cyber attackers, but unfortunately it doesn't come as a surprise,” comments Oliver Cronk, chief IT architect, EMEA at Tanium. “Any organisation that holds valuable data is at some point likely to be targeted and right now there are few things more valuable than Covid-19 vaccine data.

'Whilst it's true that suspected nation state attacks like this are hard to defend against, due to their sophistication, it's important to remember that, if basic security measures are followed, then it's far less likely that an attack will be successful.”

Suggested measures include: ensuring that regular IT patches and updates are being applied, having a strategy in place to secure a remote workforce and providing training to all staff about not clicking links on malicious phishing emails. “These actions may sound obvious,” he says, “but they are often not undertaken, which offers attackers an easy route into the organisation's network.”

Carl Wearn, head of E-Crime at Mimecast, points to the attack as the latest episode in a year-long saga of hackers using the COVID crisis as an opportunity to target the medical industry. “Throughout the year, we’ve seen attacks on the WHO, the NHS, various hospitals and pharmaceutical companies, and, most recently, on the ‘cold chain’ partners who are manufacturing and delivering the vaccine candidates to early adopters.

“Based on our research, it’s almost certain that cyberattacks against companies involved in the COVID vaccine supply chain will continue and even increase. We expect that transportation, storage and delivery networks relied upon for the delivery of any mass vaccination programme are the most likely to see attacks escalate, as these will be viewed as key targets of threat actors in the coming weeks and months. With that in mind, it’s crucial that these companies put the right measures in place to safeguard their networks and data ahead of the surge we forecast.

From patient data to highly sensitive IP related to the treatment of COVID, the medical industry is a goldmine for hackers and needs to ensure it has strong cybersecurity in place, he advises. “This starts with putting cybersecurity at the heart of their digital services, training employees and partners about cyber hygiene habits, and being vigilant at all times. We shouldn’t underestimate how challenging this last pillar is when the industry is under high pressure to deliver a treatment faster than ever before, which requires extensive collaboration from all parties and long hours for workers. “

On a more positive note, Wearn says we should celebrate the fact the medical industry has responded to a global pandemic in the most effective way possible and as quickly as possible. “Implementing stringent cybersecurity processes and best practice would enable it to mitigate cyberattacks more effectively, wherever they come from, and whatever format they take.”