What Pharma Can Learn from WannaCry

Combating Ransomware in the Pharmaceutical Industry

What Pharma Can Learn from WannaCry


Over the past two weeks, healthcare networks across the globe have been infiltrated and patient data has been locked. These attacks, which are all connected to WannaCry ransomware, have spurred a conversation about what ransomware in 2017 really looks like – and how to prepare your data for the next wave of attacks.

What started with international hospital data quickly evolved to corporate network hacking and, finally, medical devices within the U.S. Now that this ransomware has impacted a majority of healthcare industries, the malware may be going mainstream. To protect itself and its data, the pharmaceutical industry must learn from these attacks and use the information moving forward.

So, how can pharma protect itself and ensure compliant data storage?

Collaborate with Cybersecurity Experts

Internal IT teams may have various methods for combating viruses like WannaCry. With such large-scale ransomware attacks, however, using more than one resource is key to preparing for and controlling network damage.

Implementing a network of resources may highlight any high-risk areas or behaviors to monitor. This collaboration can take the form of internal cross-departmental strategizing or enlisting the help of an outside cyber security team.

As information sharing and storing platforms continue to rise popularity, ease of use, and convenience, having a one-sided team may not be the final step to data security. Gaining multiple industry and professional perspectives of data use and access can may decrease the possibility of both hacker threats and regulatory injunctions.

Continue to Evolve Security Measures

The WannaCry attacks have shed light on the healthcare industry’s online weaknesses. The targeting of medical devices in the United States, in particular, has shocked the industry. To protect their data and, ultimately, customers, the pharmaceutical industry needs to be thinking about the next attacks.

To do this, the industry IT leaders must ask themselves how quickly their team can respond to dissipate a threat or hack, how the value of their information may be tainted, and how much data could be destroyed in an initial attack.

Increasing security measures for some companies may be poised in smaller network goals like advanced authentication and continuing to streamline threat detection and handling processes. IT and IS teams know that even simple employee mistakes may lead to critical data breaches, so continuing to update and strengthen this process can prepare a company for small breaches – whether intended or not.

Provide Employee Resources

Most of the WannaCry distribution happened through email users. Though alerts may be sent internally once an attack is known, some employees may not be prepared to properly secure their account and prevent a further spread of the virus.

Providing continual support in the form of informational videos, articles, and timely reminder emails may help employees spot and report potential threats to internal IT leaders. Connecting with human resources and establishing a plan of action in the case of an HR-directed attack, or an internally reported attack, can help an IT team to pinpoint the targeted audience and attack type.

Reinforcing team and company-wide protocol in the case of an attack should be the first line of defense, and can help prevent a data breach in the making.

Looking Forward

As technology evolves, so should the ways in which we secure our online borders from threats. Data sensitivity issues remain a top priority for information technology and security professional in the pharmaceutical industry. By preparing teams and delivering company-wide threat resources, executives can preemptively lower the risk of an attack and begin earlier damage control in the case of a cyber threat.

Learn more about cybersecurity in the life science industry, check out Q1 Production’s events.