A report from Cyfirma, a Singapore/Japan-based Cyber intelligence and threat discovery platform, has details of how cybercriminals from Russia, China, Korea, and the Middle East are reportedly targeting 12 countries including India, to steal COVID vaccine research data, patient information, clinical trials data, supply chain and vaccine production information. As per the report, there are 15 active hacking campaigns underway.
The targets? Pharmaceutical, vaccine and medical device companies, major hospitals, and health departments of governments and approving agencies involved in COVID-19 drug and vaccine R&D, clinical trials and national vaccination trials.
India’s Cipla, Dr Reddy’s Labs (DRL), Divi’s Labs, Torrent Pharma, Abbott India, Sun Pharma, Zydus Cadila have reportedly been the targets of these attacks, in addition to marquee MNCs like GSK, Novo Nordisk, Pfizer, AstraZeneca, etc and hospitals like John Hopkins, Cleveland Clinic, etc. The updated list of targets includes Serum Institute of India (SII), Bharat Biotech, All India Institute of Medical Sciences (AIIMS) and Patanjali.
According to the report, suspected hacking group APT 29 and its affiliates have been active since October 2020 targeting global pharma companies, hospitals working on COVID-19, approving authorities in US, UK, India, Japan, Korea, Spain and Brazil.
The second campaign detailed by the Cyfirma report is run by APT 10 or affiliates and has been active since June 2020, reportedly targeting global vaccine approval authorities, medical devices and appliance companies, pharma companies and hospitals in India, Italy, Australia, Japan, Taiwan, Brazil and Germany.
In the third campaign suspected to be run by a hacking group known as Lazarus or affiliates, medical appliance and device making companies, vaccine approval authorities and pharma companies in US, UK, Japan, South Korea and Mexico were targeted.
According to Cyfirma, the hackers’ motives are to create competitive advantage and financial gain through this theft of intellectual property, and cause reputational damage to these companies and by extension, countries.
The common links between the three hacking campaigns described in the Cyfirma report pinpoint vulnerable systems running on weak operating systems, which are being exploited and infiltrated by the hackers.
The cybercriminals, at least in some cases backed clandestinely by their governments, are hitting where it hurts the most. These organisations will have to plug the gaps in their IT firewalls quickly and effectively and save themselves from such cybercriminals while saving the world from viruses and the like.
At stake is not just India’s vaccine diplomacy initiatives but also ensuring speedy and equitable distribution of vaccines within our country.
India’s COVID-19 vaccination campaign has seen a fair bit of vaccine hesitancy, even among healthcare workers. The irony is that while other countries are hounding companies to ramp up manufacturing and supplies, some companies in India could be left with expired vaccines due to an inefficient distribution and allocation system, or vaccine hesitancy.
The Ministry of Health & Family Welfare did launch a campaign highlighting how prominent doctors have taken the vaccine. And Prime Minister Modi’s vaccination on March 1 is being seen as a loaded statement.
Not only did he wait his turn, kicking off the next phase of vaccinations for citizens over 60 years, he chose Bharat Biotech’s Covaxin, hopefully setting to rest doubts about the vaccine and its approval process.
But vaccine and pharma companies want the government to go one step further. Unhappy with the price cap of Rs 150/- per shot (which Union Health Minister Dr Harsh Vardhan shelled out on March 2 when he and his wife took their first doses at a private hospital in Delhi), the top brass from companies ranging from SII, Bharat Biotech, DRL, and Cadila Healthcare is said to be meeting PM Modi to ask for more viable prices for their COVID-19 vaccines for distribution in the private sector.
What will be considered fair compensation? Is this about profiteering during the pandemic? Or nurturing an ecosystem vital to save us from the next pandemic? Will the government step up and save the saviours?