Though hackers did not manage to breach BioNTech nor Pfizer systems, the incident shows just how vulnerable is the global healthcare system and its supply chain partners. It also underscores the urgency with which all involved in development and rollout of the coronavirus vaccine have to take defensive action against such cyberthreats. The executive director for the US Cybersecurity of the Health Sector Co-ordinating Council Greg Garcia recently said, “The healthcare sector has become such a big, rich, juicy target.” As a result, in the recent months, we saw a sharp uptick of cyberattacks against organizations involved in the vaccine rollout. There have been numerous alarms about Chinese, North Korean, and Russian hackers’ activity targeting vaccine research. But a more disturbing report came from IBM Security X-Force team. Last October, they warned of a global spear-phishing campaign targeting the COVID-19 cold chain, the critical supply chain division ensuring that vaccines are stored and transported at right temperatures. In their emails, perpetrators targeted organizations linked to the Cold Chain Equipment Optimisation Platform (CCEOP) of Gavi, the international vaccine alliance. The attackers impersonated a high-profile employee from a Chinese company involved in CCEOP’s supply cold chain. Their phishing emails contained malicious code with the goal of getting employees’ log in credentials.
Ransomware attacks
Next on the list after phishing is ransomware attacks. They involve locking people out of their computers or phones until the victim pays a ransom. The second and third quarter of 2020 saw a record rise in the number of ransomware attacks, according to a recent report from security firm Positive Technologies. They noted over half of attacks against healthcare industry was by ransomware. US hospitals have been hit the worst. Allegedly, this is because criminals see them as more lucrative than their counterparts. In just 24 hours in October, six American hospitals got ransom demands amounting to about $1m.
The significance of attacks
It’s become clear that hackers moved from targeting financial sector to healthcare with main target being the COVID-19 vaccine supply chain. The attackers’ emails were addressed to companies that provide key components of the cold chain process: ice boxes for vaccines and solar panels that power refrigerated containers. Both are important pieces of infrastructure of high importance for the concerned countries and constitute a classic form of intellectual property. Researchers at IBM Security X-Force believe that the level of sophistication of the attacks suggest government-sponsored hackers, not rogue criminals with monetary interest. But some cybersecurity experts suspect something more malicious, attempts to interfere with the vaccine distribution, or ransomware, in which case vaccines would be held hostage by hackers until payment. “There is no intelligence advantage in spying on a refrigerator,” said James Lewis of the Center for Strategic and International Studies in Washington, DC. “My suspicion is that they are setting up for a ransomware play.” These developments were so alarming that the US Department of Homeland Security issued its own warning. All this shows that the cybersecurity of healthcare will be on the front line in 2021, and we’d better be ready.
Defending vaccine supply chain
As we’ve seen, anything about coronavirus vaccines has become state intel for major countries around the globe. And it needs to be defended as such, believes Nick Rossmann, head of IBM’s global threat intelligence team. He urges to treat the vaccine supply chain like a piece of the national critical infrastructure, just like the electrical grid or air traffic control system. But this is easier said than done. These supply chain organizations don’t normally face cybersecurity issues and they are largely unprepared. Today, they find themselves at the epicenter of cybercriminals’ interest. Besides the scientists, pharmaceutical companies, research centers, manufacturers, and hospitals, a vaccine’s supply chain encompasses suppliers, distributors, storage facilities, and their partners. These organizations employ millions of workers across dozens of countries. All of them need education about the cyber threats. Josh Corman, a coronavirus strategist at a cybersecurity agency, said in a statement that the IBM report was a reminder of the need for “cybersecurity diligence at each step in the vaccine supply chain.” In a similar vein, the Cyber Centre, a state-run cybersecurity agency in Canada, said health organizations need to be more vigilant. Meanwhile governments take steps to safeguard the vaccine supply chain, a natural step would be that organizations take proactive measures to defend themselves. This may involve closer monitoring of network logs, educating employees about suspicious emails, and promptly patching servers and critical systems for security vulnerabilities. Employees should be encouraged to report any scams or phishing attempts to their management. It’s also crucial that organizations assess their third-party ecosystems and any risks connected with their partners. IBM’s Nick Rossmann believes the solution is a collective response to cyber threats. “Warding off threats to a vaccine’s supply chain… requires a collective approach to threat intelligence sharing. Why? Because threat sharing enables a coordinated defense strategy… [It] will reduce risk, making it harder for adversaries to find a way in.”
Looking into future
We believe cyber resilience is achievable with the correct investment in expert advice and analytics. To boost cyber resilience, organizations involved in the vaccine supply chain must hone security culture within their teams. With more staff working remotely from home, this should involve ensuring data integrity and safety at every employee’s home. Whether it’s protecting supply chains, preventing phishing campaigns or ransomware attacks, or just raising awareness of the cyberthreats, businesses and organizations must act quickly and decisively to safeguard their critical infrastructure from cybercriminals.
