Federal, industry officials warn that hackers are targeting vaccine distribution process

A senior FBI cybersecurity official and top security experts at leading health care groups on Thursday warned that nation state hackers and other cyber criminals are targeting the COVID-19 vaccine distribution process. 

“We see our most determined nation state adversaries not just relying on one method to target the supply chain, but combining cyber with using more traditional espionage and human sources to try to penetrate organizations,” Tonya Ugoretz, the FBI’s deputy assistant director of Cyber Readiness, Outreach, and Intelligence Branch, said at the Aspen Institute’s virtual Cyber Summit. 

Ugoretz’s comments were made the same day IBM issued a warning that a “global phishing campaign” was targeting the cold storage portion of the COVID-19 vaccine supply chain. The Cybersecurity and Infrastructure Security Agency (CISA) put out a joint alert to encourage groups involved in the vaccine distribution process to be on guard against attacks. 

The Wall Street Journal reported earlier this week that North Korean hackers had attempted to hack into at least six pharmaceutical groups in the U.S. and the United Kingdom involved in developing the COVID-19 vaccine, including Johnson & Johnson and Novavax.

Marene Allison, the chief information security officer (CISO) for Johnson & Johnson, emphasized Thursday that the incident was an “attempted hack,” but confirmed that the health sector is facing escalating cyber threats aimed at the COVID-19 vaccine. 

“All CISOs in healthcare are seeing attempted penetrations by nation state actors, not just North Korea, every single minute of every single day,” Allison said during the same Aspen Institute panel. 

Both Ugoretz and Allison noted that much of the attempted cyber targeting of health sector groups involved with the vaccine came through targeting third party organizations associated with the primary groups. 

“We are certainly seeing our cyber adversaries move to targeting of those third parties in order to try to then move into the targets that they are trying to reach,” Ugoretz said. 

Meredith Harper, the CISO of pharmaceutical group Eli Lilly, which has worked to develop a COVID-19 antibody drug, said on the same panel that her company had been forced to “spring into action” to protect third party groups associated with Eli Lilly’s work due to the escalation of cyberattacks targeted at them.

“Probably this year we have done way more incidents around our third parties than we’ve seen in the last few years,” Harper said. 

The overall health sector has become a main target of both nation state hackers and cyber criminals during the COVID-19 pandemic. 

Groups involved in researching COVID-19 treatments and vaccines, federal and international agencies involved in the response to the pandemic, and overwhelmed hospitals have increasingly been targeted. 

The U.S., the U.K. and Canada warned in July that Russian hackers were targeting COVID-19 researchers, while the FBI and CISA put out an alert in May warning that Chinese government-backed hackers are targeting U.S. organizations developing vaccines and treatments for the COVID-19 virus.

Ugoretz said Thursday that the alert was part of coordinated efforts by the federal government to push back against foreign hackers, and to put them on notice. 

“For too long, we think these adversaries have acted with what they think is impunity, and we want to change that risk calculus for them,” Ugoretz said.