Historically, the pharmaceutical industry has tailored its security investments around compliance requirements. Yet, almost half of pharma companies cannot determine whether their endpoint devices comply with cybersecurity requirements.
Merck’s measures to protect against cyberattacks
Cybersecurity has become one of society’s most pressing issues today, especially in the pharmaceutical industry. One of the five breaches that the industry must learn from was the cyberattack on Merck & Company. In 2017, Merck & Co. became a target of one of the most devastating cyberattacks ever recorded. This large multinational company employs more than 69,000 people and has an operating income of $6.52 billion, but this attack doesn’t mean it can’t happen to you or your company. Learn more about the steps Merck took to protect itself against cyberattacks.
Cyberattacks can cause major losses, and insurance policies must be adjusted to cover these risks. Merck’s insurers are limiting their cyberattack exposure by working with StoneTurn, an investigation, and regulatory compliance advisory firm.
North Korean hackers targeted AstraZeneca
US cybersecurity researchers believe North Korean hackers are behind a recent attack against AstraZeneca. They claim that hackers from the North used malicious software to access systems and send malicious emails to company employees. Researchers say that North Korea previously targeted defense organizations and media organizations but has shifted its focus to 9*8attack drugmakers. They believe that the purpose of the attack may have been to steal information from drugmakers for financial gain. Meanwhile, South Korea has accused North Korea of hacking its networks and stealing confidential vaccine information.
The attack is believed to have begun on LinkedIn and WhatsApp, where the North Korean hackers posed as recruiters. They then began contacting AstraZeneca staff with fake job offers. The emails were laced with malicious code and sent via Russian email addresses. However, the attackers were unsuccessful in their attempts to gain access to the company’s computer systems.
Bayer’s measures to protect against ransomware attacks
Bayer is taking action to protect its customers from ransomware attacks. The company has been developing patches to protect its systems from this attack. The company’s cybersecurity experts believe that the Wicked Panda group initiated the attack in China. While many companies do not review their cybersecurity protocols until they’ve been attacked, Bayer is taking steps to protect its customers from similar attacks.
The Bayer cyberattack was contained. The company’s cybersecurity analysts analyzed the threat until the end of last month, and it cleared all its systems. While no data was stolen, Bayer has notified state prosecutors in Germany.
Lilly’s measures to protect against insider threats
Insider threats can be as real as outsider attacks and cause significant damage. They can be carried out by a current or former employee, a third-party contractor, or a business partner. But there are several measures that organizations can take to mitigate their risks.
Taking the right security measures is crucial in preventing insider threats from impacting the success of your business. Taking the appropriate precautions can minimize the impact of an insider threat and protect your sensitive data. You can also educate your employees on protecting themselves against these threats.
HIPAA’s lack of compliance with Emisphere’s
Emisphere’s lack of compliance with the HIPAA standards is a problem. The company was found to have a coding error that exposed over 2,000 people’s medical records. The company was forced to correct the problem within six months and analyze the corrupted information. Since then, they’ve changed their electronic systems, updated their software, and checked for bugs. However, their lack of compliance with the HIPAA standards has forced the company to review all transactions involving patient medical data, including those that are legal.
HIPAA also requires that businesses conduct audits. During these audits, HIPAA-beholden entities must identify technical, administrative, and physical gaps and develop remediation plans. They must also include calendar dates for the remediation.