Global Upfront Newspapers
CoverHealthNewsWorld News

Hackers threaten to disrupt global COVID-19 vaccine supply chain

By Maggie Miller, THE HILL, 12/06/20

Government officials and health-care groups are growing increasingly concerned about nation states and criminal hackers targeting the supply chain for COVID-19 vaccines.

Concerns have been amplified as the U.S. prepares to roll out the first vaccines later this month, with groups involved in creating and shipping the vaccines a prime target for potential cyberattacks.

“We have noticed an uptick in attacks against all aspects of the vaccine supply-chain from research through to manufacturing and distribution,” Marc Rogers, the executive director of cybersecurity at software group Okta, told The Hill on Friday.

Rogers, who helps lead the COVID-19 CTI League that tracks and helps defend against cyberattacks aimed at health groups, noted that the League has seen “ramped up” cyberattacks aimed at medical institutions corresponding to increasingly positive news around vaccine development.

“My suspicion is that all parties in the cybercriminal underground from ordinary criminals to nation states recognize that the vaccines represent a golden opportunity and are responding as such,” Rogers said.

North Korea has been among such nations, with The Wall Street Journal reporting recently that North Korean hackers targeted at least six pharmaceutical groups in the U.S., the United Kingdom and South Korea involved in developing a vaccine, including Johnson & Johnson and Novavax.

“All CISOs [chief information security officers] in health care are seeing attempted penetrations by nation state actors, not just North Korea, every single minute of every single day,” Johnson & Johnson CISO Marene Allison said at the Aspen Institute’s virtual Cyber Summit earlier this week. 

A spokesperson for Novavax told The Hill in a statement Friday that the company was “aware of ongoing foreign threats identified in the news.”

“We are confident we can continue to progress with our COVID-19 vaccine candidate without disruption and that these incursions do not pose a risk to the integrity of our data,” the spokesperson said.

But as concerns have grown in recent weeks around the process to store, ship and deliver COVID-19 vaccines once they are approved, hackers are increasingly eyeing non-health care groups in the vaccine supply chain as potential targets.

Cold storage groups — which are necessary for shipping and storing COVID-19 vaccine candidates at extremely low temperatures, such as one recently rolled out by Pfizer — have been increasingly in the crosshairs.

report last week from IBM warned of a “global phishing campaign” targeting groups associated with cold storage for the COVID-19 vaccine process. Researchers wrote that “the precision targeting of executives and key global organizations hold the potential hallmarks of nation-state tradecraft.”

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) put out a corresponding alert encouraging U.S. organizations involved in the Operation Warp Speed vaccine distribution effort to review IBM’s findings.

At least one major cold storage group had already been targeted before those alerts were issued.

Americold, the largest cold-storage provider in the U.S. and a global operator of cold storage warehouses, disclosed to the Securities and Exchange Commission (SEC) in November that it had discovered that its networks had been hit by a cyberattack.

“The Company took immediate steps to help contain the incident and implemented business continuity plans, where appropriate, to continue ongoing operations,” the company wrote in the filing. “The Company has notified and is working closely with law enforcement, cybersecurity experts and legal counsel.”

André Pienaar, founder of the firm C5 Capital, which helped form a group of around 40 major cybersecurity companies known as the Cyber Alliance to Defend Our Healthcare, pointed to the attack on Americold as an example of a weak link in the vaccine supply chain.

“The point of attack in the supply chain that the hackers targeted have been the cold storage facilities,” Pienaar told The Hill. “Cold storage companies are dismally underinvested in cybersecurity and the hackers can enter their systems by hacking the industrial controls rather than phishing emails.”

Cold storage groups are not the only organizations related to COVID-19 vaccines and treatments that have been targeted.

Meredith Harper, CISO of pharmaceutical group Eli Lilly, which has worked to develop a COVID-19 antibody drug, said at the Aspen Institute summit that her company had seen a major spike in attacks on third-party groups associated with carrying out Eli Lilly’s work.

“Probably this year we have done way more incidents around our third parties than we’ve seen in the last few years,” Harper said.

Government officials say they are aware of the threats to the vaccine supply chain and are working to address them.

Acting CISA Director Brandon Wales said that his agency is working with the National Security Agency and the FBI to ensure that the Operation Warp Speed vaccine supply chain process remains secure. He noted that foreign nations had targeted COVID-19 vaccine research and development initiatives since the start of the pandemic. 

“There is more that we need to do to push deeper and further into these supply chains, not just the big companies behind the vaccine, but the companies that are going to be essential to get this vaccine from manufacturing through distribution, that last mile to the American people,” Wales said at the Aspen Institute summit last week.

Pienaar said that beyond the vaccine supply chain, his group has also tracked threats to patient data collection associated with immunization. 

“Effective immunization programs depend on accurate data collection systems and software,” Pienaar said. “Our threat intelligence is that this will be the next attack vector for hackers.”

Rogers noted that while the impending COVID-19 vaccine approval and rollout is good news for public health, the threat of cyberattacks interrupting the process remains high.

“We may be nearing what looks like the finish line, but now is not the time for us to take the eye off the ball,” Rogers said. “We need to double down on vigilance and ensure that key entities in the distribution of these much needed vaccines are watched and guarded 24×7.”

Advertize With Us

See Also

Biden to Direct U.S. Military to Build Emergency Sea Port To Deliver Aid To Gaza

Global Upfront

APC Thugs Threaten Voters In Lagos, Nollywood Actress, Chioma Akpotha, Flees As They Overrun Her Victoria Garden City Polling Unit

Global Upfront

Osun Governorship: Shock As Tinubu’s Nephew, Gboyega Oyetola Lose Re-election Bid To PDP, Aregbesola Drops Cryptic Note

Global Upfront

Terror bandits kill Chief Iman, several others in Faskari LGA, Katsina State, Northwest Nigeria

Global Upfront

7 Potential Health Benefits of Avocado

Global Upfront

3 British Ex-special Forces Troops Out of 180 Killed In Russian Airstrike Near Polish Border

Global Upfront

Police arrest 50 hardened criminals, recover 10 firearms, 2,496 AK47 ammunition, others in 5 Northcentral, Northwest States

Global Upfront

Nigeria: Days of terrorism, banditry “are indeed numbered,” says Buhari on terror bandits’ massacre in Goronyo, Sokoto market

Global Upfront

‘I Am Ashamed Of You,’ IGP Alkali Baba Tells Policemen Brutalising, Extorting public

Global Upfront

EndBadGovernance: Tinubu Begs Youths To Shelve Protests As Atiku Decries 2012 Protest Leaders Now Trying To Stifle People’s Rights

Global Upfront

This website uses Cookies to improve User experience. We assume this is OK...If not, please opt-out! Accept Read More