Cyber threats and pharmaceuticals

Jun 17, 2016 | 5 mins
Advanced Persistent Threats, Cybercrime, Data and Information Security

Stolen intellectual property can destroy a company.

It’s no secret that cyber crime is a lucrative business that continues to evolve and professionalize its services. Regardless of which statistics are cited, they all share a common takeaway: cyber criminal activities reap substantial financial rewards. No sector or industry is immune to these enterprising groups and individuals. News is rife with examples of cyber crime around the world targeting healthcare, financial institutions, and retailers, among other industries, further demonstrating that cyber crime is a global business. As more and more breaches become publicized, it is evident that business is good.

One industry that remains a top target for these hostile actors is the pharmaceutical sector. According to the Cisco 2014 Midyear Security report, pharmaceutical, chemical, and aviation were the top three industry verticals having high threat perception. Corroborating these findings, a 2015 survey by Crown Records Management, a global consulting service, revealed that nearly two-thirds of pharma companies have suffered serious data breaches while a quarter have been hacked. This comes as little surprise, as the intellectual property (IP) relating to the drug formulation process is a global business that cost $75 billion in 2010, according to estimates made by the National Association of Boards of Pharmacy.

While healthcare organizations such as hospitals or insurance providers have substantial repositories of patient data, including personally identifiable information and medical records that can be monetized, the pharmaceutical sector is rich in intellectual property (IP) and research & development (R&D) of new drugs and medicines, the loss of which can significantly impact a company’s stature and continued well-being. Potentially compromised trial information or quality of product can result in consumer suspicion about the integrity of any data or product produced by the victimized company. When it comes to drugs and medication, it’s all about trust.

The losses a company can potentially realize extend beyond just revenue and downtime. Any cyber attack that exposes confidential data or delays supply chains can result in litigation. According to one site specializing in global pharmaceutical technology and manufacturing news, companies can also be sued for breach of contract or else be required to repeat clinical trials, which can be costly. A 2015 Ponemon global study on the Cost of Cyber Crime revealed that the pharmaceutical sector had one of the highest rates of customer loss after a data breach, as well as a higher data breach cost.

Loss of IP can be an especially expensive consequence for the industry. One Indian news source revealed that the IP targeted by these hostile actors includes drug discovery programs, clinical development programs, drug registration applications, molecular formulae, patient records, production processes, manufacturing records, quality assurance and compliance data. Indeed, since 2008 there has been a noticeable uptick in the number of hacking incidents involving biotech firms, according to one security vendor.

And there is little evidence to suggest that this will abate anytime in the near future, particularly since the pharmaceutical sector draws the attention of myriad actors including but not limited to cyber criminals, actors suspected of cyber espionage, and potentially even terrorists. The U.S. Drug Enforcement Agency recognizes that Hezbollah and Hamas make counterfeit drugs that are distributed and sold by established criminal networks throughout the Middle East and Latin America. This trafficking produces revenues that fund their terrorist activities.

But perhaps the group that poses the greatest threat to the pharmaceutical sector is the actors suspected of conducting cyber espionage to benefit competitors or to support a government’s national objectives. Some threat analysts view the increased espionage activity suspected of originating in China as aligning with the government’s 12th Five Year Plan, the country’s national strategic growth plan. While there has been no direct link between the two, one can certainly see the possibility of this.

For example, according to one open source report, Chinese hackers have taken as much as 6.5 terabytes of information from a single company, although the name of the company was not publicly disclosed. Although no definitive attribution was levied, it is largely suspected that these hackers have some connection to the Chinese government and were collecting information to help Chinese companies reduce their own R&D efforts in developing their own products. In 2015, pharmaceutical companies in Nordic countries were victimized by cyber espionage efforts.

However, there is reason to believe that IP is not the sole reason for hostile actors to target the pharmaceutical sector. One global security vendor believes that these threat groups also seek the technologies, processes, and expertise as well. So the target may not necessarily be the actual IP information but the manufacturing and business practices behind its development and creation. In one incident, an advanced persistent threat (APT) group stole not only IP but also business data from the victim, including bio cultures, products, cost reports, and other details pertaining to the company’s operations overseas.

While opportunity is still the basis for some of these activities, targeting specific industries and sectors is becoming more commonplace. Understanding our adversaries, and understanding the types of data that they deem valuable, is an ongoing challenge but one that needs to be undertaken. We must evolve our security strategies with the threat environment, adapt to the dynamic nature of the threat actors themselves and how they operate, and devise our strategies accordingly.


Over the last two decades Brian Contos helped build some of the most successful and disruptive cybersecurity companies in the world. He is a published author and proven business leader.

After getting his start in security with the Defense Information Systems Agency (DISA) and later Bell Labs, Brian began the process of building security startups and taking multiple companies through successful IPOs and acquisitions including: Riptech, ArcSight, Imperva, McAfee and Solera Networks. Brian has worked in over 50 countries across six continents and is a fellow with the Ponemon Institute and ICIT.

The opinions expressed in this blog are those of Brian Contos and do not necessarily represent those of IDG Communications Inc. or its parent, subsidiary or affiliated companies.