April 2023: Enzo Biochem, a New York-based biosciences and diagnostics company, experienced a ransomware attack that involved the “unauthorized access to or acquisition of clinical test information of approximately 2,470,000 individuals.”
April 2023: German biotech Evotec shut down its network due to a cyberattack.
March 2023: Sun Pharma, India’s largest biotech firm, was hit by an IT security breach. The company quickly isolated the affected systems to avoid disruption to its operations.
November 2022: Novartis reported a cyberattack by online extortion ring Industrial Spy. Luckily for Novartis, no sensitive data was compromised.
November 2022: AstraZeneca reported a “user error” that exposed records sensitive patient data online.
June 2022: Swiss pharma giant Novartis had data stolen in an attack by online extortion ring Industrial Spy.
The above are examples of cyberattacks on the biotech and life science sectors during the past 12 months. The frequency of these attacks led Nature, the publisher of academic journals, magazines, and online databases, to deem biotech “the weakest link of all the sectors in health care”. A 2022 U.S. government report found that health care was the industry highest-hit by cyber-attacks, accounting for nearly a quarter of events.
Why Biotech is Hacker Heaven
Experts say that biotech and life science sectors are targets for three primary reasons:
- Biotech online data includes vast numbers of highly confidential documents, including trade secrets, patient health records, and financial analytics.
- Biotech companies are often cash-rich or are subsidiaries of cash-rich parent companies.
- The biotech product development process is highly collaborative, which provides a host of attack points for hackers. Collaborating parties can include clinical teams, labs, analysts, third-party experts, manufacturers, and regulators, all of whom have varying degrees of access to sensitive files.
Cybercriminal Targets in Biotech
Intellectual Property (IP) Theft: Biotech companies invest significant resources into research and development to create innovative products, therapies, and processes. Hackers target these companies to steal intellectual property, such as proprietary formulas, genetic sequences, or clinical trial data. This stolen information can be sold or used by competitors, leading to financial losses for the targeted biotech company.
Data Manipulation: Biotech companies generate and store vast amounts of data, including patient information, clinical trial results, and research findings. Manipulating this data can have serious consequences, such as altering drug trial outcomes or tampering with patient records. Hackers with malicious intent exploit vulnerabilities in the biotech company's systems to manipulate data for financial gain or to cause harm.
Operational Disruption: Disrupting the operations of a biotech company can compromise critical infrastructure, such as manufacturing processes, laboratory operations, or supply chains. By disrupting production or compromising the integrity of research and development activities, hackers can cause significant financial losses and delays in bringing biotech therapies to market.
Ransomware Attacks: Biotech companies, reliant on their digital infrastructure for research, manufacturing, and data management, can be attractive targets for ransomware attacks. Hackers may encrypt critical systems and data, demanding a ransom payment to restore access. The potential loss of data or operational disruption can be devastating, leading some companies to pay the ransom to minimize damage.
Financial Gain: Like any industry, biotech companies possess valuable financial information, including investor details, stock prices, and merger and acquisition plans. Hackers target these organizations to gain insider information or engage in fraudulent activities like insider trading or market manipulation.
How Biotech Can Respond to Cybercrime
To mitigate these multiple risks, biotech companies need to implement robust cybersecurity measures including:
- Strong user access controls
- Data and document encryption protocols
- Employee cybersecurity training
- Third-party security audits
- Regular software updates and patches
Collaboration among biotech companies, government agencies, and cybersecurity experts can also help in developing proactive strategies against cyber threats.
Why a Virtual Data Room is Essential for Biotech Security
A prominent feature of biotech collaboration is the storing and sharing of confidential documents. A biotech company can protect these documents by using a virtual data room (VDR). A VDR is a secure online environment for storing and sharing files and documents, with enterprise-grade security features far more robust than consumer file-sharing apps like Box, DropBox, Google Drive, and OneDrive.
Among VDR providers for biotech, ShareVault stands out. ShareVault has been serving the biotech industry for more than 15 years with bank-grade security and has been named as the preferred Business Solutions Program provider by the Biotechnology Innovation Organization (BIO) and more than 50 other life science trade organizations.
With a ShareVault VDR, only authorized users have access. Collaborators - even those in remote locations - can upload, store, and access all documents related to a project in one place, making it easy to find and access relevant documents and data and media files.
ShareVault provides robust security features, including 256-bit encryption, two-factor authentication, dynamic watermarks, and audit trails. Only authorized users can access sensitive data and administrators can track all data room activities to provide valuable deal intelligence. ShareVault user permissioning controls extend to individual documents, with usage defined as full access, read-only, or download and screenshot capabilities. As an extra precaution against hacks by the competition or cybercriminals, ShareVault provides dynamic watermarking and the ability to remotely shred documents even after they’ve been downloaded.
Clinical trials are frequently used in the creation of biotech products. Whether shared or kept, patient health information (PHI) is secure in ShareVault's VDR environment, which complies with HIPAA's strict privacy regulations.
ShareVault’s Virtual Data Room is not only Secure, but also Easy to Use
A biotech company doesn’t need to forfeit productivity to ensure security. ShareVault’s VDR software includes features to help biotech companies store, organize, and share documents with team members and prospective partners. ShareVault’s time-saving document organization features include:
- Drag-and-drop uploads and integration with file sharing apps like Box, DropBox, Google Drive, and Microsoft SharePoint and OneDrive
- Full-text search engine, with filters for Recent Read/Unread, Published By, and File Type
- Inter-document hyperlinking
- Hierarchical tags, a hashtag notation for a document that allows it to appear in multiple folders
- Q&A, a feature within each document where team members can pose questions and receive replies from designated experts
- ShareVault monitoring tools, essential for audits by senior management, potential investors, and regulatory agencies—updated in real time and showing minute details with a report generated with a single click
When making regulatory submissions, ShareVault data rooms are 21 CFR Part 11 compliant. It is the preferred platform for sharing Electronic Trial Master Files (ETMF), Investigational New Drug (IND) applications, New Drug Applications (NDA), Abbreviated New Drug Applications (ANDA), Biologics License Applications (BLA), Drug Master Files (DMF), Biologics Master Files (BMF) Emergency Use Authorizations (EUA), and other regulatory submissions.
Biotech collaboration includes not only storing and sharing confidential documents, but also generating new ones. To meet that security need, ShareVault offers Dynamic Native File Protection (DNFP), a software feature that protects work-in-progress documents. Using DNFP, multiple contributors can safely add and remove text as the document goes through its iterations until it is finalized.
ShareVault also features Collabloop, a document editing tool expressly designed to facilitate the redlining process for final reports, due diligence documents, or regulatory submissions.
How a Virtual Data Room Helps Biotech Reduce Security Risks
ShareVault provides a secure and controlled environment for protecting confidential documents and data, with built-in document management software that improves productivity. As a long-time partner to biotech, we provide document security so you can focus on research and development activities.
Since each biotech firm has unique needs, ShareVault customizes its feature sets and pricing. To receive a customized ShareVault proposal, contact ShareVault today!