Health care cyber-specialist David Nides remarked that the stakes are higher than ever in the race for a cure for the pandemic. In an interview, the specialist from KPMG in Chicago remarked: "There's a race for a vaccine or a treatment, and the prize is huge for whoever comes out on top." Given these circumstances, many countries are now scrambling to create a vaccine – while some others lurk in the shadows and observe.
Nides estimated that cyber-attacks on healthcare and life sciences institutions spiked during the pandemic. He added that cybercrime in the healthcare sector experienced a 300 percent increase since May 2020. This equated to a three-fold spike compared to the same period a year before.
Unscrupulous parties have long eyed healthcare companies and organizations for cyber-attacks due to the valuable health information they contain. Relatively lax security, as evidenced by a large number of access points and devices that can be breached, only exacerbate the problem. One such case involved pharmaceutical firm Merck & Co., which fell to a ransomware attack in 2017. The drug manufacturer confirmed that its systems were impacted by the attack, which originated from Ukraine.
"We confirm our company's computer network was compromised today as part of [a] global hack. Other organizations have also been affected. We are investigating the matter and will provide additional information as we learn more," Merck said in a statement.
Meanwhile, the U.K.'s National Cyber Security Centre (NCSC) said that vaccine manufacturers in multiple countries were targeted by the APT29 hacker group. It added that this collective is "almost certainly" part of Russian state intelligence. Security agencies in the U.S. and Canada seconded the British agency's findings. However, erstwhile NCSC Chief Executive Officer Ciaran Martin said in an NBC Nightly News interview that there is no evidence the hacker group stole data. Instead, APT29 only infiltrated systems.
Martin later condemned the cyber-attack as "deplorable." He remarked: "It's deplorable, and we call it out in the strongest possible terms. [We] are trying to make sure [that] by publicizing the [cyber attack's] technical details, … people can defend against it." (Related: U.S. officials say Chinese hackers are stealing trade secrets about coronavirus vaccines.)
British universities also working on COVID-19 vaccine research said they took measures to safeguard their data. The University of Oxford said it is working with authorities "to ensure [its] COVID-19 research has the best possible cyber security and protection." British drug manufacturer AstraZeneca collaborated with Oxford to manufacture its Wuhan coronavirus vaccine candidate. Imperial College London meanwhile said in a statement: "We take appropriate security measures and have benefited from government advice, including from the [NCSC], to provide extra protection around our COVID-19 vaccine work." (Related: Oxford University lab researching coronavirus was just targeted in a cyberattack.)
Canadian Minister of Public Safety Bill Blair commented that the cyber-attack "probably did not set back" the country's efforts. However, he reiterated that the infiltration attempt by bad actors serves as a reminder to Canadian scientists and industries of how much is on the line. "We remain concerned. Not just the Russians … but other foreign actors as well. There are unfortunately people in this world who don't play by the rules and represent a risk – even a threat – to Canadian interests and to everyone's interest," Blair told reporters in Ottawa.
Focal Point Data Risk Executive Vice President of Advisory Services Michael Ebert pointed out Russia's inadequate scientific infrastructure. The top official of the Florida-based cybersecurity company said Russia has not invested in infrastructure for vaccine manufacturing compared to other nations. He continued that the hacking only shows Russia's desperation for access and guidance on vaccine manufacturing.
On the other hand, the head of Russia's sovereign wealth fund quickly slammed accusations of the country's involvement in hacking attempts. Russian Direct Investment Fund (RDIF) Chief Executive Officer Kirill Dmitriev said during a Times Radio interview: "This whole story is an attempt to tarnish the reputation of the Russian [COVID-19] vaccine by some of the people who are scared of its success." The RDIF head surmised that the hacking story may have been propagated "because the Russian vaccine could potentially be the first to [go to] the market and … be the most effective."
RDIF is also involved in the development of the vaccine, which eventually came to fruition as the Sputnik V COVID-19 jab. The vaccine candidate developed in partnership with the state-run Gamaleya Research Institute of Epidemiology and Microbiology has received approval in countries such as India and Vietnam.