Dr. Reddy’s Laboratories Ltd, India's second-largest drugmaker, was forced to temporarily shut operations at its key plants in the US, the UK, Brazil, India, and Russia after a cyber attack struck its data centre services.
The cyber attack took place shortly after Dr. Reddy’s Laboratories announced that it had received approval from the Drugs Controller General of India (DCGI) to conduct clinical trials for Sputnik V vaccine in India. The vaccine is currently undergoing phase 3 clinical trials in Russia as well as in the UAE.
Even though Dr. Reddy’s Laboratories Ltd was forced to isolate its data centre services, the company said the cyber attack did not cause much damage and expressed hope that normal operations will resume at the earliest. "We are anticipating all services to be up within 24 hours and we do not foresee any major impact on our operations due to this incident," said Mukesh Rathi, the company's chief information officer.
However, according to the Economic Times, the company suffered a massive breach as the servers targeted by hackers contained a lot of data ranging from data associated with various clinical trials as well as data belonging to the company's customers. Due to the massive breach, the company was forced to shut all of its data centre servers located in the US, the UK, Brazil, Russia, and India.
Commenting on the cyber attack that targeted Dr. Reddy’s Laboratories, Bill Conner, the CEO and President of SonicWall, said cyber criminals are now targeting medical facilities and research specifically because medical research, especially that is directed at solving the coronavirus crisis, is presently the most valuable piece of intellectual property.
"If seized, it could grant a significant advantage to the party who holds it, and indeed catapult a whole economy. Given this, whoever holds this research can claim a high price for it. Hostile actors who wish to influence or control global healthcare at this time of great need, to gain either monetary or geopolitical advantage, will be willing to pay this bounty," he added.
"With the broad adoption of SaaS tools, mobile endpoints are key to every step in the pharmaceutical supply chain, from R&D labs, to manufacturing, to sales reps in the field. These devices are used in the authentication process and support custom apps that capture and read critical information in the cloud," says Chris Hazelton, director of security solutions at Lookout.
"This makes credential theft a key goal for phishing and surveillanceware targeting pharmaceutical manufacturers. It's important that pharmaceutical companies provide endpoint protection to all the endpoints their employees use.
"The pharmaceutical industry has always been at the forefront of technology adoption. They use tablets and smartphones as integral parts of the entire drug development and distribution process. With this intense focus on a COVID-19 vaccine, pharmaceutical security teams should assume there are threat actors inside their infrastructure. Under this assumption, they need to proactively hunt for threats in and around the infrastructure to prevent breaches and contain issues at the endpoint," he adds.