Black Kite Published New Study Showing Risk to Pharma Manufacturers

According to a new study published this week by the cyber risk network Black Kite, one out of every ten global pharmaceutical manufacturers is at high risk of being hit by ransomware. The cybersecurity posture of the 200 largest global pharmaceutical companies and 166 associated third-party vendors were assessed in the study, which was released on Tuesday.

Hundreds of millions of people around the world depend on the pharmaceutical industry for their regular drugs. On a scale of 0.0 to 1.0, the company used open-source information sources in conjunction with machine learning to assess businesses’ vulnerability to ransomware attacks. According to Black Kite, nearly 10% of companies were above the “critical” level of 0.6, suggesting high susceptibility.

The average susceptibility was highest among medium-sized pharmaceutical firms. Out-of-date applications, phishing vulnerabilities, publicly accessible sensitive ports, passwords in deep web lists, and previous data breaches were among the security concerns. According to the study, vendors are also vulnerable: 12.2 percent of IT solutions and nearly 5% of software vendors are above the critical level, but data management vendors are the most dangerous.

So, what makes pharmaceuticals such a lucrative target? Digital transformation, data access, commonly adopted medical technology, and complex supply chains are among the reasons cited in the study. Ransomware attacks have been in the news since they caused the Colonial Pipeline to be shut down earlier this month, as Maley reported.They are, however, nothing new in the healthcare industry. Scripps Health experienced a two-week network outage this week due to a ransomware attack, while Ireland’s National Health Service faced a shutdown of its own.