Check Point Email Security | Blog

The IT Security Burden for the COVID-19 Vaccine

Written by Jeremy Fuchs | December 11, 2020

A COVID-19 vaccine is here.

But the problems are just beginning.

Because both the Pfizer and Moderna vaccines require unique cold-storage, there is a slew of companies that need to be involved in getting the vaccine from lab to arm.  It is a complex supply chain unlike anything else before. 

And already, problems are arising.

Two major attacks on the vaccine and the related supply chain have been uncovered, just this week.

Documents related to the Pfizer vaccine were accessed in a cyberattack on the European Medicines Agency, a regulator. The regulator did say that the attack won't harm the approval or production process. 

Additionally, IBM uncovered a major email-based attack on companies in the so-called cold chain. It worked by impersonating an executive of company in the supply chain. It targeted organizations in six countries. 

Though they didn't say definitely, IBM said it could be related to a nation-state. That's part of a potential trend. 

In July, a report was released saying that Chinese state-actors targeted Moderna. Iran reportedly targeted the World Health Organization and Gilead, makers of the drug remdesivir.

Microsoft recently reported that three nation-state actors have targeted vaccine developers. One is a Russian-based group that specializes in password sprays; then there are two North Korean groups that focus on spear-phishing. 

And another report found that a suspected North Korean group attempted, unsuccessfully, to hack AstraZeneca

And as the race for a vaccine moves from research to development to distribution, more companies will be subject to attacks. And we're seeing that being borne out.

Miltenyi Biotec, a global company that supplies antigens to research firms, announced they were subjected to a malware attack that disrupted operational processes, including email. 

And Americold, a cold storage logistics company, announced it was the victim of a cyberattack, though they did not provide details on what happened.

There are countless companies involved with the vaccine distribution process, from shipping giants like UPS and FedEx, pharmacy chains like CVS and Walgreens, to lesser-known, but vitally important companies that supply dry ice, refrigerators, vials and more. 

The consultancy group Eurasia noted that the hackers will look to disrupt pharmaceutical companies and logistics companies, all in an effort to stop production of delivery of the vaccine. And since the supply-chain is wide and complicated, one hack could see the whole thing fall apart.

Now, more than ever, shoring your defenses is essential.