Are you vulnerable to the ransomware that hit LabCorp?

Posted by: Do Lee July 25, 2018 Life Sciences

Cyber-attacks, like the ransomware attack that hit LabCorp last week, put valuable data at risk. Attacks endanger the data of the business that gets hit, plus all the information they have about their customers.

This is particularly frightening for Life Sciences organizations that hold sensitive personal and health information (PII and PHI), because a breach of that data exposes the organization to HIPAA violations. The Wall Street Journal reported on Thursday, July 19, 2018, that LabCorp’s database contains health information on “roughly half the U.S. population.” Companies must protect their data—whether it is proprietary trade secrets or the personal details of their customers. What can Life Sciences organizations do to defend themselves against attacks? Is your organization also vulnerable?

Life Science organizations are often under-prepared to counter cyber threats like ransomware. They may lack the knowledge, tools, or staff to adequately address cyber security. Or they may have invested all of their IT resources in other ways. Many organizations are using antiquated cyber defenses and IAM solutions, or are unaware of best practices for protecting data across the entire ecosystem of sponsors, CROs, and clinicians.

Third-party risk is a major concern—and the sharing of data with clinical partners, physicians, and others leads to additional vulnerabilities. A breach in any part of that extended network exposes everyone’s data. In this case, LabCorp identified the ransomware within a newly acquired part of their business. The attack, and the resulting security activities, caused a disruption that extended throughout LabCorp to their drug-development arm, Covance. Breaches, viruses, and other cyber-attacks can spread from one organization to another in the same way.

Security breaches expose intellectual property, disrupt operations, damage reputations, and lead to loss of customers. A recent breach for a major drug developer cost an estimated $1 billion.

Aside from external risks, organizations also now have to deal with broad-ranging regulations regarding their data. The cost of non-compliance can be crippling. A single violation of the EU’s recently enacted GDPR can cost the greater of $23M or 4% of global revenues. Failing an FDA or process trial audit significantly delays time-to-market, narrowing the window of exclusivity.

So, what can be done? Cyber security best practices include carefully managing who can and cannot get into your network. For example, many of the Life Science industry’s largest organizations rely on the Exostar Identity and Access Management platform to protect sensitive systems and data from unauthorized access. We have made substantial security investments that align with evolving industry and government standards and regulations.

Ransomware attacks are not going away—but there are ways to mitigate risk and limit the damage. Find out how Exostar can help by contacting us today.