After months of unprecedented cyber attacks on healthcare systems and pharmaceutical companies, the FDA has taken the unusual step of using the FBI to physically deliver vaccine data from pharmaceutical companies rather than having it sent over the internet.
The Financial Times reports that sensitive documents on a USB drive were handed to FBI agents to hand-deliver to the FDA, taking no chances of yet another cyber breach. Just last week, both Pfizer and BioNTech, collaborators on a coronavirus vaccine, announced that hackers had succeeded in accessing some of their documents when the European Medicines Agency was targeted by sophisticated cyber criminals.
Michael Farrell, co-executive director of the Institute for Information Security & Privacy at Georgia Tech, said the FDA’s efforts to protect unclassified vaccine data showed the “severity of threats in 2020.”
“This kind of conscious decision, to avoid the network and transfer the data manually, raises concerns about adversaries targeting systems between researchers and the FDA,” he noted. “There are many parties involved in the Covid-19 vaccine supply chain: research, development, testing, distribution, and then medical providers do the inoculation. They are all potential targets for attack.”
Earlier this month, Interpol published a warning of its own regarding cyber crime in the coronavirus era. Secretary-General Jurgen Stock described how, “Cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by Covid-19.
“High demand combined with a limited supply will make Covid-19 vaccines the equivalent of liquid gold to organized crime networks as soon as one is available," he added, warning that unscrupulous elements were already highly active using “predatory criminal behavior” including the “advertising, selling, and administering of fake vaccines.”
The United States and the United Kingdom, both home to vaccine development programs, have previously accused state-sponsored hackers based in China and Russia of targeting pharmaceutical companies and healthcare systems.