UK healthcare firms ramp up cyber security spending
Health sector companies in the UK have increased their spending on cyber security by more than 500% in a year in the wake of high-profile attacks on companies including Merck & Co and Bayer.
The data, drawn from UK government figures analysed by cyber security firm Specops Software, shows that health and social care companies were the second highest spenders across all industries after the finance/insurance sector.
On average, health sector firms spent $16,800 in the 2018-2019 fiscal year, up from just $2,770 a year earlier. That was the highest increase across all industrial categories.
In 2017, Merck was among a slew of companies hit by the notorious WannaCry ransomware attack, which disrupted medicine and vaccine production and cost the company $135 million in lost revenues. The company also spent an estimated $175 million to shore up the security of its IT systems.
Meanwhile, earlier this year Bayer revealed it had been subjected to a year-long cyber-attack – thought to originate from the China-based Winnti hacking group – which took months to resolve. Bayer hasn’t commented on the cost of that remediation effort, but says there was no evidence of data theft.
A few years back, security specialist Kaspersky said that Winnti had started targeting pharmaceutical companies, suggesting the motive may be industrial espionage.
Meanwhile, it’s recognised that hackers are increasingly attacking private companies, and the drug industry’s poor reputation with the public on issues like medicine pricing and animal testing makes it a target. A 2018 report by Deloitte said the industry was the most targeted industrial sector, suggesting intellectual property theft was a key motive.