UK healthcare firms ramp up cyber security spending

abstract image Light traces. visualization of hacker attacks on information data server

Health sector companies in the UK have increased their spending on cyber security more than 500% in a year in the wake of high-profile attacks on companies including Merck & Co and Bayer.

The data, drawn from UK government figures analysed by cyber security firm Specops Software, shows that health and social care companies were the second highest spenders across all industries after the finance/insurance sector.

On average, health sector firms spent $16,800 in the 2018-2019 fiscal year, up from just $2,770 a year earlier and the highest increase across all industrial categories.

In 2017, Merck was among a slew of companies hit by the notorious WannaCry ransomware attack, which disrupted medicine and vaccine production and cost the company $135 million in lost revenues. It also spent an estimated $175 million to shore up the security of its IT systems.

Meanwhile, earlier this year Bayer revealed it had been subjected to a year-long cyber-attack – thought to originate from the China-based Winnti hacking group – which took months to resolve. It hasn’t commented on the cost of that remediation effort, but says there was no evidence of data theft.

A few years back security specialist Kaspersky said that Winnti had started targeting pharmaceutical companies, suggesting it may be for the purposes of industrial espionage.

Meanwhile, it’s recognised that hackers are increasingly attacking private companies, and the drug industry’s poor reputation with the public on issues like medicine pricing and animal testing makes it a target. A 2018 report by Deloitte said the industry was the most targeted industrial sector, suggesting intellectual property theft was a key motive.

Specops says in its report that in 2019 alone, more than half (55%) of all UK firms have already encountered a cyber-attack, with average losses from breaches estimated at £176,000. This month also saw a large-scale attack by hackers on the Labour Party’s digital platforms.

 “As cyber-attacks/breaches become more frequent and complex, cyber-security has to be a high priority for firms,” said Specops cyber security expert Darren James, who recommends that companies carry out regular vulnerability assessments of their IT systems.

“Otherwise they face the huge risk of leaving their website and digital communication platforms exposed to devasting cyber-attacks/breaches.

Other measures that can reduce the risk include developing a formal best practices document on cyber security, as well as making sure they keep anti-virus software up-to-date, apply the latest security patches and periodically change passwords across their IT estate.

With biopharma companies adopting greater levels of digitalisation and storage of data across manufacturing, R&D and other business functions, their security practices are becoming ever more critical.