Pharmaceutical companies and medical device manufacturers see hackers as the biggest threat to their organizations, and executives are primarily concerned that bad actors will target their company’s financial information and intellectual property.
More than half of senior IT and security executives at large pharmaceutical, biotechnology and medical device companies said the biggest threat to their organization was government-sponsored hackers, according to a survey of 100 executives released by the auditing and advisory firm KPMG. Individual hackers and “hacktivists” ranked a close second and third with 49% and 47% respectively.
Nearly 6 in 10 executives are concerned that hackers will access their research and development infrastructure, thereby compromising their company's intellectual property. Even more (69%) were said hackers were most likely to target their finances. KPMG analysts said some governments want to access that information to support their own medical advances without incurring the expenses associated with research and development.
“Recent cyber events targeting the life sciences industry demonstrate that market capitalization can be immediately eroded depending on the nature of the cyberattack and extent of damage,” KPMG Life Sciences Advisory Leader Alison Little said in a release.
Internal control systems and infrastructure was another area of concern, but pharmaceutical and device manufacturers were far less worried about patient data. Just 30% of respondents said hackers were likely to target patient information, and only 40% of medical device manufacturers were worried about their product’s hardware.
Medical device cybersecurity was a major concern in the Department of Health and Human Services’ Cyber Security Task Force Report, which proposed a “cash-for-clunkers” program that could cycle out legacy devices that are particularly vulnerable to an attack.
Given the influx of network-enabled medical devices has left health systems with more access points. But Robert P. Maliff, director of ECRI Institute’s Applied Solutions Group, wrote in an op-ed for MedCity News that some hospitals have taken steps to limit those vulnerabilities by adhering to minimum standards for networked enabled devices and building a robust patching policy.