The Average Cost of a Life Science Data Breach is Now Over $5M and Will Rise in 2023

The Internet of Things (IoT) and other digital technologies useful for life sciences organizations have recently come under attack. The amount of data in fields such as healthcare, pharmaceuticals, biotechnology, and medical devices is staggering—and much of it is proprietary and private. Indeed, healthcare and life sciences have become the biggest target for cybercriminals, yet these fields remain woefully unprepared.

Online crimes quadrupled during the COVID-19 pandemic, with more focused attacks continuing to target the life sciences today. Significant amounts of data have been lost, including personally identifiable information. What’s more, the average life sciences data breach costs $5.04 million and is rapidly rising. In extreme cases, a single attack can cost more than $1 billion. Life sciences companies need to increase security for their IoT devices, and it needs to happen now.

The Critical Need for Life Science IoT Security in the Face of Growing Threats

While life sciences organizations are going digital, most aren’t implementing the necessary IoT security—despite facing new online threats regularly. Recent high-profile breaches have hit manufacturing systems, vaccine production, and regulatory information. Other attacks include phishing (fake emails to extract passwords), threats against Internet-facing systems, and attacks on IoT medical devices.

Specifically, crimes may disrupt supply chains and interfere with ongoing work. Or you may lose years of key information used in research overnight. The direct and indirect costs of cyberattacks can easily add up to millions of dollars. Therefore, it’s critical that life sciences organizations deploy capable defenses.

The life sciences sector has become a prime target for several reasons. First and perhaps most importantly, its work is deemed crucial and was especially so during the COVID-19 outbreak. Another motivation is the value of data, including intellectual property and protected health information (PHI), which hackers can sell illegally. Criminals want to extract data and dollars.

What’s more, the emerging cybersecurity threats against life sciences organizations are part of a broader pattern. Experts say we can confidently expect to see a cyberattack of unprecedented size on a healthcare organization in 2023. More people’s identities will be stolen, more data will be lost, and more progress will be stalled.

Recent Cybersecurity Attacks on Life Sciences Organizations

As with nearly every other industry, data is now central to life sciences organizations. Pharmaceutical research and biotechnology contribute enormous value to society and the economy. Their intellectual property is worth billions.

Complicating matters is the lack of clarity around who’s responsible for protecting IoT devices and other systems on the network. Therefore, the entire organization must practice safe behaviors and use modern security tools in this age of digital threats.

Recent attacks show the risks facing life sciences organizations are quite real. High-profile breaches at Novartis and the European Medicines Agency (EMA) reveal a growing global menace. These are only a few prominent examples, with more breaches occurring each year.

What’s worse, no one is immune. Hackers have broken into many large, well-known companies like Johnson & Johnson and Merck, as well as smaller organizations. In fact, thousands of breaches have hit life sciences companies in just the last few years, with the fallout varying widely. For instance, a February 2023 attack on 17 U.S. hospitals caused nothing more than unavailable websites and inconveniences. But the size of the Merck hack was immense—it cost the company more than $1 billion.

A cyberattack can happen at any time, so businesses must be prepared. Let’s look at two recent breaches:


Novartis

The international pharmaceutical giant Novartis recently lost data in a cyberattack. A notorious group of hackers broke into the company’s manufacturing laboratory systems and made off with proprietary information on DNA-based drugs.

The criminals tried to sell the information online for half a million dollars. Novartis has responded publicly by saying they did suffer a breach but not of sensitive data.

Novartis got off easy: they mainly lost email correspondence, not better-protected data. Still, it could have been much worse, and it was a wake-up call for them and others in the industry. Some corporations have lost client records and clinical trial data in similar attacks.

European Medicines Agency

The European Medicines Agency (EMA) suffered a data breach in which the attackers got away with COVID vaccine information from BioNTech and Pfizer. The hack took confidential information necessary for the European regulatory body’s normal operations.

The EMA oversees pharmaceutical development in the European Union. Hackers leaked data on vaccine developments online, including the evaluation process for new vaccines and various office files for approval. The organization said hackers may have wanted to portray the vaccine process as unreliable.

The hackers also made the agency’s internal emails public. The agency claims these may have been modified to sow distrust of the vaccines in question. Law enforcement continues to investigate.

Turning Lessons into Action

The attacks against Novartis and EMA represent a broader pattern. Criminals are growing bolder, and the scale is growing larger. The increasingly aggressive threats against life sciences organizations—which some have deemed acts of war—call for comprehensive cybersecurity measures.

Organizations need to increase security for their IoT devices due to the increased attention on life sciences. It’s no longer safe to move to digital systems without taking precautions. Too much research and client information is at risk from IoT devices. Life sciences groups need a security tool built for the Internet of Things.

Mitigate Cyber Risk in Life Sciences with Asimily

Asimily’s Internet of Medical Things (IoMT) risk remediation platform covers all devices within your facility. It helps life sciences and healthcare organizations focus their efforts on the most pertinent threats. Features support medical and laboratory devices, providing an easy-to-use tool for life sciences cybersecurity.

With Asimily’s solution, you can track security information for each device on the network. That information can also integrate with other software, which streamlines the management of life sciences facilities. In addition, automatic vulnerability monitoring warns you of potential problems ahead of time. If an attack does occur, the system helps mitigate and recover losses.

The danger is greater now than ever, with life sciences feeling the brunt of new cyberattacks. Contact Asimily today about your cybersecurity needs.
