Government-sponsored hackers were seen as the biggest threat to cyber security among executives in charge of technology, information, and security at drug and medical device makers, according to the 2017 Cyber Healthcare & Life Sciences Survey by audit, tax and advisory firm KPMG.
Nation states topped the list of threats from 53 percent of respondents, followed by individual hackers and hacktivists. The data that hackers are seeking are mostly tied to financial information (69 percent) followed by patents and clinical research (63 percent), found the survey of 100 US tech, data, security executives from medical device and pharmaceutical/biotech companies.
“Some nations desperately want intellectual property to support local life sciences organizations without incurring R&D costs and challenges,” said David Remick, a KPMG partner who works with life sciences companies.
“Drug and medical device makers have significant volumes of valuable financial and clinical information,” said Life Sciences Advisory Leader Alison Little. “Recent cyber events targeting the life sciences industry demonstrate that market capitalization can be immediately eroded depending on the nature of the cyber-attack and extent of damage.”
“The life science industry is increasingly engaging patients directly through web portals and apps to help them better manage their conditions, but this opens the door to new risks,” said Michael Ebert, a KPMG partner who leads cyber for the Healthcare & Life Sciences Practice.
Life sciences organizations listed multiple priorities required to be more effective in cyber security. Better technology (36%) was cited as the highest priority for medical device makers, followed by an overarching strategy on data collection/protection (28%). Pharma organizations cited stronger processes (24%) as the biggest need, followed by more funding and better technology tied for second at 22 percent. Greater staffing was seen as a priority among only 9 percent of respondents.
“Many organizations prioritize technology solutions over improving processes and training staff. This is a grave mistake,” Remick said.
Despite 62 percent of executives saying they are feeling “more secure” even after the reports of high profile breaches, about 40 percent of life sciences companies said their overseas security protocols are not as strong as those in the United States, making EU data privacy rules much more significant. The survey found more than a third (34 percent) described their organizations as under-resourced internationally.