30 Oct Security Breach – 30 Oct 2020
Pharmaceutical companies have a tough week with hacking as manufacturing is disrupted at COVID-19 drug makers and huge patient databases are exposed.
Dark Web danger doesn’t just come to your company’s doorstep from compromised passwords – it also comes from data dumps full of email addresses, employee information, website user logs, supplier records, medical data, and more that can provide cybercriminals with exactly what they need to lure your staffers into a nasty (and expensive) trap.
Every kind of data about your employees that you can think of is available on the Dark Web – sometimes for free.
General business email compromise attempts are landing in employee inboxes every day too. A recent survey reported that over 30% of respondents reported receiving one every day.
Running the gamut of impersonations including scary vendor notices, fake unpaid invoices, spoofed supplier communications, and even fake emails from colleagues, cybercriminals are pulling out all the stops to trick your staffers into falling into a business email compromise scam.
United States – Pfizer – Drug Maker
Exploit: Unsecured Database
Risk to Small Business: Extreme: In a monster week for pharma hacking, Pfizer leads the pack with a substantial data breach that it brought on itself. In a huge blunder, unsecured and unencrypted data containing logs, transcripts, and details of patient helpline conversations was leaked from a misconfigured Google Cloud storage bucket. The exposed data included detailed information regarding hundreds of conversations between Pfizer’s automated customer support software and patients using drugs including Lyrica, Chantix, Viagra, Ibrance, and Aromasin.
Risk to Exploited Individuals: Extreme: The exposed call or chat transcripts had extensive PII and medical data for patients including full names, addresses, phone numbers, and details of health and medical conditions. The transcripts also contained detailed information about treatments, patient experiences, and questions related to products manufactured and sold by Pfizer.
Customers Impacted: Unknown
Japan – Shionogi & Company Limited – Drug Maker
Risk to Small Business: Severe: Healthcare and pharmaceutical targets were on every cybercriminal’s menu this week, including Japanese medical giant Shionogi & Company Limited. The company’s Taiwanese subsidiary experienced a data breach that included sensitive information but did not impact its COVID-19 vaccine development programs. Data including import licenses for medical equipment and employee residency permits was exposed on the Dark Web as proof of the attack by the hacking gang to support a ransom demand.
Risk to Exploited Individuals: No individual information was reported as impacted in this incident.
Customers Impacted: Unknown
Protect your data and systems by implementing a solid cybersecurity plan. Talk to a TCT team member today and we can show you how.
Follow us on LinkedIn: