So far, 2019 has been the worst year ever for data breaches in the healthcare and Life Science sector. And attacks aren’t just increasing – they’re exploding. Today, medical records are over ten times more valuable to hackers than credit card details. In 2018, the US healthcare sector saw more than 15 million patient records breached. By the middle of 2019, that figure – for six months – was 25 million records compromised. Although hackers go after the personal information that healthcare providers hold, they see another area of value within pharma and Life Science companies: Deloitte estimates that 95% of all Life Science cyber attacks were aimed at stealing intellectual property (IP).
Let’s put that into perspective: It’s estimated that up to 80% of the value of a Life Sciences company is its IP – rising to almost 100% for some smaller organizations. Cyber crime in Life Sciences isn’t just dangerous and costly – a major loss could spell the end for a smaller company. So, what you can do to protect yourself from cyber attacks that could prove potentially fatal to your business?
Counting the cost of IP theft
Historically, IP theft has been the province of disgruntled and malicious employees and, today, insider attacks can account for as much as 80% of all cyber crime in Life Sciences. However, this situation is changing as Life Sciences companies progress their digital transformation initiatives. As disruptive digital technologies help companies become more agile, collaborative and innovative – working with an increasing ecosystem of partners – they also make organizations more vulnerable to attack from both internal and external sources.
In other words, the surface area of vulnerability for your corporate network has grown substantially and every endpoint device becomes a potential entry point for criminals.
Consider that, in 2019, there are now 125 million IoT devices in the healthcare sector and this is expected to grow to over 140 million in the next 12 months. Many of these devices have not been designed with security in mind and still use the default password that they came with. These passwords are sometimes freely available of the Internet.
Then consider that the average cost of a data breach is $408 per record in healthcare – almost twice the cost on the next industry on the list, finance – with pharmaceuticals coming fourth with a breach costing $174 per record. Worst still, the average time to identify a breach is 197 days, and it can take another 69 days before it’s contained. That’s a lot of time for the criminal to find and extract your IP.
Although it can be difficult to calculate the full value of IP theft, two short examples can illustrate the size of the issue.
First, IP theft can significantly hamper the clinical trial process. The theft of IP impacts trials in two ways: between 66% and 85% of the cost surrounds the need to re-plan and repeat the clinical trial and a further 15% to 33% is lost in the delay in bringing new therapies to market. If all the IP is taken, it obviously calls into question the viability of the entire project.
Secondly, mergers and acquisitions (M&A) activity is a key business model within Life Sciences. Over the last few years, this activity has been strong but IP theft can kill a potential deal. Deloitte believes that cyber crime in Life Sciences can knock as much as 20% off the valuation of a company and share prices can potentially fall by 5%. In fact, the market research firm has found that 50% of analysts and investors say they will increase the valuation of a Life Sciences company if they’re working with cybersecurity firms to mitigate risks.
So, what can you do?
OpenText industry experts are at the forefront of minimizing cyber crime in Life Sciences and the Pharmaceutical industry while ensuring your IP is fully protected at all times.
Visit our website to learn more about the solutions that OpenText offers the Life Sciences sector.