Nation-state actors are intensifying their attacks against organizations in the healthcare industry, like Johnson & Johnson, that are involved in the development of the COVID-19 vaccine.
Johnson & Johnson, along with other COVID-19 research companies, has been recently hit by North Korea-linked hackers.
“North Korean hackers have targeted at least six pharmaceutical companies in the U.S., the U.K. and South Korea working on Covid-19 treatments, according to people familiar with the matter, as the regime seeks sensitive information it could sell or weaponize.” reported the Wall Street Journal.
“The firms include previously unreported targets in the U.S.: Johnson & Johnson and Maryland-based Novavax Inc., which are both working on experimental vaccines, the people said.“
Nation-state actors are targeting healthcare organizations “every single minute of every single day,” Marene Allison, the Chief Information Security Officer at Johnson & Johnson, said Thursday at the online Aspen Cyber Summit.
Allison is confident that major healthcare and pharmaceutical organizations involved in the development of the COVID-19 vaccine have implemented strong defenses against cyber attacks, but she believes that third parties involved in the supply chain may not.
“Healthcare companies literally have seen an onslaught [of cyberattacks] since March 2010,” Allison added
“That is the day that the Chinese actually started a hard knock of most of the healthcare in the United States.” “Meredith [Meredith Harper, CISO at Eli Lilly) and I, and in all CISOs and healthcare organizations, are seeing attempted penetrations by nation-state actors, not just North Korea, every single minute of every single day,”
Anyway, Allison admitted that her company is not able to attribute the attacks to specific threat actors, she explained that Johnson & Johnson is relying on H-ISAC and CISA to receive information that could help it in identify cyber-attacks.
Allison added that Johnson & Johnson saw a 30% uptick in cyber-attacks targeting the company.
“There’s only going to be so many people who could get information and turn it into a vaccine,” she said. “Then we’re going to have the group of people who just decide that ‘well I don’t want the world to have a vaccine’. “For us, inside, it’s really not much of a difference.”
(SecurityAffairs – hacking, BISMUTH)