31 July 2017. Technology executives at pharmaceutical and medical device enterprises in the U.S. say financial and intellectual property assets are their top targets for hackers, according to survey results released today. The 2017 Cyber Healthcare & Life Sciences Survey was conducted by KPMG, an international audit, tax, and advisory company, with an advance copy of the findings made available to Science & Enterprise.
The report notes that these industries value collaboration and information sharing, and need to use advances like cloud computing to carry out increasingly complex research and development, such as clinical trials at multiple sites worldwide. But growing cyber-security threats to their companies, and even to medical devices themselves, are making it more difficult for life science enterprises to make full use of these advances.
The survey queried some 100 chief information, technology, and information security executives from medical device, pharmaceutical, and biotechnology companies with revenues exceeding $500 million. About 8 in 10 respondents listed financial (82%) and intellectual property (79%) as the information assets most coveted by online intruders. Between 4 and 5 in 10 participants also indicated clinical research (49%), internal controls (47%), and patient information (41%) as prime hacker targets.
More technology executives point to authorities in other countries as the likely culprits behind cyber attacks on their companies. More than half (53%) of the respondents cite nation-states as orchestrating the attacks, followed closely by individual hackers (49%) and hacker-activists, or hacktivists (47%). Nearly as many participants (44%) cite insiders as the likely threats.
Among medical device makers, software tampering by hackers is seen as a threat to their systems. Only about 1 in 6 (16%) technology executives at device companies expect hackers to attack software in a medical device while it’s operating, but many more — about half (52%) — believe software controlling the company’s manufacturing processes are at risk of attack. And about a third (32%) also consider tampering with device labels in the supply chain a likely risk. Device makers overall (92%) believe security and privacy should be built into design and development stages of their systems, while about half (51%) say security of their devices needs to be a collaborative effort shared with health care providers.
“The sophistication of cyber attacks is snowballing on a daily basis,” says KPMG partner David Remick in the report. “The only way organizations can stay ahead of malicious actors is to incorporate risk identification and mitigation at the earliest stages of medical device development.” Remick, KPMG’s lead analyst for life science cyber-security services, adds that “Manufacturers cannot do this alone. They need the insight and cooperation of their provider peers to really understand where attack vectors lie and how to keep patients safe.”
To deal with cyber-security threats, life science technology executives are spending more on new technical solutions and improving their internal processes. About half of the respondents (51%) plan to invest in software to boost their security through better encryption and other measures. Nearly as many (41%) expect to improve the company’s internal governance to better secure their operations. Roughly one-third also anticipate outsourcing their security (33%) or running more drills to respond to breaches (31%).
KPMG conducted the survey in February 2017, with the 100 respondents divided evenly between pharma/biotech and medical devices. The company expects to post the report on its web site later in the day on 31 July.
Update: The KPMG report is now posted.
More from Science & Enterprise:
- FDA Clears Algorithm-Assisted Cancer Diagnosis
- Start-Up Applying Artificial Intelligence to New Drug Uses
- Darpa Funding Research on Brain-Digital Implants
- Report: Growing Tech Industry Investment in Health
- Broad Inst., Intel Make Genomics Software Open-Source
* * *
You must be logged in to post a comment.