Don't Let Cybercriminals Ruin Your Deal

20 August, 2022

From the outside, the pharmaceutical and Life Sciences sectors appear to be in great shape. The world applauds the remarkably fast development of COVID vaccines and their efficacy in treating a deadly pandemic. Less noticed but also vital are encouraging progress in oncology and treatments for chronic conditions like diabetes and autoimmune diseases. Technology is playing a part, with AI (Artificial Intelligence) enhancements that improve the precision of diagnostic and therapeutic medical devices and speed the analytics process in labs.

As a result, more drugs are being developed faster: In the U.S., the FDA approved 55 new drugs in 2021. The pharmaceuticals market is expected to grow at a compound annual growth rate (CAGR) of 6.7 percent over the next 5 years, with biologics, personalized medicine, and generic versions of formerly branded medications expected to dominate pharma growth through 2026.

To finance that growth, pharma companies are investing in drug discovery and development and, for larger companies, acquisitions of smaller innovative firms with promising products and talent.

Despite Pharma’s rosy image, dollars are getting scarce.

While 2021 saw a burst of investments and companies going public, Q4 of that year and activity in 2022 is decidedly less active. The Nasdaq Biotechnology Index is down 26% in the first six months of the year. Not only are acquisition dollars drying up, but development dollars are in jeopardy as well during this “Biotech Winter” spell.

Security threats loom large.

In poker, as in making a deal in pharma, secrecy is key. Tipping your hand to the competition is a sure way to lose. For pharma companies large and small, the threat of cybercriminals is a fact of life. Should an attack occur, the consequences are stolen IP (Intellectual Property), the cost of repeating clinical trials, lost revenue, litigation, and a lost deal.

The U.S.-based Cybersecurity and Infrastructure Security Agency (CISA) reinforced this risk message with its October 2020 advisory warning of the “increased and imminent threat” of hackers and ransomware in the healthcare and public-health sector. Caroline Rivett, Cyber Security Life Sciences Leader at global accounting firm KPMG, warned that “the prevalence -and cost – of increasingly sophisticated ransomware attacks continue to grow unabated.” The 2020 Cost of a Data Breach Report developed by IBM and the Ponemon Institute found that biotechnology and pharmaceutical companies experience more breaches than any other industry.

That cost can be large. The 2017 cyberattack on Merck & Co. crippled 30,000 end-user devices,7,500 servers, and caused $1 billion in damages, lost sales, and resources to recover from the incident.

Every Life Sciences firm must be vigilant to avoid cybercrime and having operations shut down by the FDA for non-compliance – the consequences can be disastrous.

How hackers hurt Pharma

Hacker malware can deny user access to documents and, in some cases, freeze the server operating system. Hackers then demand ransom, potentially with the threat of leaking information to competitors. Cyber-risk monitoring company Black Knight reports that some 10 percent of pharmaceutical manufacturers are highly susceptible to a ransomware attack, and that more than 12 percent of pharma industry vendors are likely to incur a ransomware attack.

Hackers are increasingly focusing on pharma for two reasons: one, pharma companies have large volumes of sensitive and confidential information, including intellectual property and patient records; and two, pharma companies have deep pockets to pay ransomware.

To ensure success, cybercriminals are using more sophisticated hacking techniques. While the industry has been beset by auto-spreading ransomware such as WannaCry and NotPetya in the past, newer AI-enhanced software is designed to monitor lateral movements of documents as they are shared in collaboration or moved into archives. The art and science of monitoring a target’s backup regimen has also become very sophisticated. Hackers might monitor a target for months with the objective being to cripple the backups first, long before contaminating live data and exposing the attack. So once the ransom demand is made, the victim literally has no choice but to pay the ransom, because recovery from backup has already been rendered useless.

This monitoring activity allows the hackers to find more vulnerable entry points. Among the most popular points of entry:

  • Archived documents on storage servers with mediocre security
  • Work-in-progress documents created in Microsoft Word, Excel, and PowerPoint, Google Docs, and other popular office productivity software
  • Shared documents on collaboration platforms like Slack, Asana, and Trello with lax security protections
  • Documents shared in emails (most email is not-secure and easily hacked)
  • Documents in active directories of testing software like Cobalt Strike, Metasploit, and Mimikatz

Monitoring also helps hackers assess the potential value of the information they are stealing. As a result, today’s hackers are increasingly demanding double payment: ransomware, to restore access to a company’s own files and systems; and blackmail, to stop them from making the sensitive data available to competitors or the public.

Why is Pharma so vulnerable?

In the language of cyber security, pharma has a large “attack surface”, meaning many points of attack for a hacker. Several relatively recent industry developments have increased risks:

  • Digitization of research
  • Move from on-premises storage to cloud environments, esp. for backups
  • The need to monitor an increasingly complex set of security tools that too often don’t work well with one another
  • The move to hybrid work and working on sensitive documents on home networks without adequate cybersecurity protections or new protocols
  • Connections and collaborations with employees, analysts, labs, monitoring equipment, and other electronic devices in remote locations that may not have enterprise-grade security features

The rapid move to a remote workforce has resulted in well-meaning employees inadvertently doing insecure things with work devices, potentially increasing the risk of accidental data loss. Recent research finds that security incidents caused by careless or malicious insiders cost healthcare and pharmaceutical companies nearly $11 million annually.

Unfortunately, disgruntled pharma employees are also a threat. A workforce that has been mostly working remotely, particularly those who feel exhausted, overworked, and perhaps underpaid or underappreciated – is one that is susceptible to insider cyber attacks. As a result, 43% of reported breaches are caused by malicious insiders.

How to reduce cybercriminal risk

To protect against cybercriminals, a pharma company needs to engage in “Active Defense” techniques:

  • Enterprise-grade security to protect confidential archived documents as well as collaborative work-in-progress documents
  • Implement password-protected privileged access control to sensitive documents
  • Time-date restricted access to documents for third parties with automated removal of exploitable credentials and connections
  • Manage logs and monitor network traffic to detect suspicious lateral movement
  • Maintain strong offline encrypted backups of data, segregated from the rest of the network, and regularly stress test to ensure their integrity
  • Develop a network security plan that can contain and isolate confidential archived information

Security leaders in the life sciences industry should familiarize themselves with government guidance and embed new controls into their plans where they have gaps: In the U.S. refer to best practices from, CISA (Cybersecurity and Infrastructure Security Agency); in the United Kingdom, the NCSC (National Cyber Security Centre).

Any US firm handling clinical trials data must also be wary of 21 CFR 11 compliance. Being watchful of this will go a long way toward ensuring the right cybersecurity protections are enforced in the software used for storing this sensitive data.

The best strategy is to start with document security.

Pharma product development is a collaborative process. Team members in R&D labs, clinical research organizations (CROs), testing companies, and third-party experts collaborate, often from remote locations. The process generates large data files and extensive documentation over a long period of time. These teams then present their findings to Pharma manufacturers, investors, and regulatory organizations.

Unfortunately, the Pharma collaboration process generally makes use of popular consumer software applications that lack the advanced security needed to protect critical documents. Currently, development teams often archive documents using consumer options offered by Google, DropBox, and other providers. Similarly, work-in-progress documents are generated and shared using Word, Excel, Google Docs, and other consumer applications.

ShareVault meets Pharma’s security needs.

ShareVault is an online platform that provides enterprise-grade security for archiving confidential documents, generating and collaborating on work-in-progress documents, and redacting or redlining documents nearing publication.

Request a demo

ShareVault VDR protects archived documents.

ShareVault’s Virtual Data Room (VDR) provides a secure repository for critical documents such as databases, analytics, test results, financial data, patient and customer files, and progress reports. Access to the VDR is controlled by the project administrator. An authorized team member uses two-factor authentication to access or upload documents from any authorized device, at any time of day, from any location.

The ShareVault administrator can set time and content limits on access and can deauthorize access and remove credentials and connections at any time. The administrator also has time-and-content logs of all activity, allowing him or her to monitor progress on an initiative and to guard against unwanted activity.

The administrator can extend access to senior management, regulators, partners, investors, and other third parties for a prescribed period of time.

The ShareVault platform has built-in document management software that makes it easy to organize archived documents. Features include drag-and-drop tools to create folders and folder hierarchies, enhanced with cross-referencing tools like inter-document hyperlinking and a powerful full-text search engine. With its robust menu of organizational tools, ShareVault makes the process of building an archive a fast and painless process for the team. ShareVault also provides an eCTD viewer for use when a document is shared as a regulatory submission.

ShareVault DNFP protects work-in-progress documents.

The Pharma and the Life Sciences development process involves the creation of new documents, typically shared in a collaborative effort. Team members often use popular applications like Word, Excel, PowerPoint, Photoshop, Illustrator, Google Docs, AutoCAD, SolidWorks, and Cadence. Unfortunately, these applications lack enterprise-grade security, and are vulnerable to hackers.

In contrast, ShareVault’s proprietary “Dynamic Native File Protection” (DNFP) software provides enterprise-grade protection for work-in-progress documents. With a few simple steps, the development team can generate new documents in a secure environment using the very same applications they use today. The difference being, that now those documents are encrypted and can only be opened by users who have DNFP enabled and are authorized to access those particular documents.

Here’s how DNFP works:

  1. Encrypt the device – desktop, laptop, phone, and/or tablet with a user-ID code.
  2. Define the user’s sharing – read-only or “dynamic”, meaning the recipient can alter the document.
  3. Collaborate safely – collaborators work normally in the native file environment of Word, Excel, or any other application.

Team members can generate and share new documents exactly as they would normally do, all from within the safety of the ShareVault DNFP encryption framework.

ShareVault is a proven solution.

ShareVault is the leading online platform, with a 15+ year history in Pharma and the Life Sciences. When regulatory submissions are required, ShareVault is the preferred platform for sharing Electronic Trial Master Files (ETMF), Investigational New Drug (IND) applications, New Drug Applications (NDA), Abbreviated New Drug Applications (ANDA), Biologics License Applications (BLA), Drug Master Files (DMF), Biologics Master Files (BMF), Emergency Use Authorizations (EUA), and other regulatory submissions. With its many pharma-friendly features, ShareVault has been selected by the Biotechnology Innovation Organization (BIO) and 50+ other industry trade associations for their Business Solutions Program.

ShareVault: Focus on the deal, not the software!

With ShareVault, every aspect of your team’s product development process can proceed efficiently and smoothly, including protections for work-in-progress documents in the revision and review process. As an online cloud-based platform, users can access ShareVault anytime, from anywhere, any hour of the day, from any device, without any involvement of your IT team. Make the smart move to ShareVault!

Request a demo