The pharmaceutical manufacturing industry is a major target for cybercriminals seeking valuable data, while the public depends on these same companies to deliver life-saving drugs safely and securely.
The Global Biopharmaceutical Industry’s Critical Role
The pharmaceutical and biopharmaceutical industry represents a vital component of the global economy and public health infrastructure, with companies investing heavily in research, development, and manufacturing capabilities worldwide. The interconnected nature of the global pharma supply chain—spanning facilities, research centers, and distribution networks across multiple countries—means that cybersecurity vulnerabilities in one region can cascade across international operations, amplifying the potential impact of cyberattacks and the complexity of defending against them.
Beyond manufacturing, consider the logistics of getting life-saving drugs into the hands of the people who need them most. An astonishing number of Internet-enabled sensors and monitoring systems are used to keep temperature-sensitive drugs within range at every step, as the growth of cold chain logistics shows.
Source: Pharma Now
Why Pharma Companies Are Prime Cyberattack Targets
Several characteristics make pharmaceuticals attractive to cybercriminals, including:
Sensitive Data and Valuable Technology
The industry holds some of the most sensitive data anywhere: patient records, patented drugs, clinical trial results, research projects, and other proprietary information, along with highly valuable technology. Because the supply chain is so large, attacks can originate from numerous sources.
Automation Vulnerabilities
The increased use of automation tools by pharma manufacturers creates security vulnerabilities that cybercriminals actively exploit.
IoT and Connected Devices
Pharma companies collect data through many devices, including IoT sensors, and store it online; both the transfer and the storage of that data can become targets. Many IoT devices, including sensors, smart locks, and robots, lack built-in security safeguards. Once such a device is connected to the corporate network, attackers can use it as a foothold to reach other systems.
Legacy OT Systems
Manufacturers depend on numerous operational technology (OT) systems to run production lines, package goods, and maintain environmental controls. OT systems are notorious for having very few cybersecurity features, as many were designed long before modern cyber threats became prevalent.
Cloud Security Gaps
The move to cloud computing for speed and efficiency means a company can now be compromised through a cloud misconfiguration without anyone penetrating its on-premises infrastructure. For example, in 2020 Pfizer suffered a leak of sensitive clinical trial patient data through a misconfigured Google Cloud storage bucket. The Thales Group reports that cloud resources have become the biggest targets for cyberattacks, with the leading causes being human error and misconfiguration (31%), known vulnerabilities (28%), and lack of multifactor authentication (17%).
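The misconfiguration behind a leak like the one above is usually visible in the bucket's own settings. The following is an added example, not code from the original article or from any of the companies it mentions: it audits a constructed bucket description (the bucket's iamConfiguration merged with its IAM policy bindings, which the real API returns separately) for public principals and for missing bucket-level guards, and produces a hardened copy. The bucket name, principals, and the merged shape are assumptions made for the example.

```python
"""Audit a constructed cloud-storage bucket description for public exposure and fix it."""
import copy

# Principals that make an object-storage bucket world-readable or readable
# by anyone holding any Google account.
PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}

# Constructed input (not a real bucket): the bucket's iamConfiguration plus its
# IAM policy bindings, which the real API returns separately, merged here.
LEAKY_BUCKET = {
    "name": "trial-exports-example",  # hypothetical bucket name
    "iamConfiguration": {
        "uniformBucketLevelAccess": {"enabled": False},  # legacy object ACLs still apply
        "publicAccessPrevention": "inherited",            # not enforced at the bucket
    },
    "iamPolicy": {
        "bindings": [
            {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
            {"role": "roles/storage.admin", "members": ["user:data-eng@example.com"]},
        ]
    },
}


def audit_bucket(bucket: dict) -> list:
    """Return the list of misconfiguration findings for one bucket (empty means clean)."""
    findings = []
    for binding in bucket.get("iamPolicy", {}).get("bindings", []):
        for member in binding.get("members", []):
            if member in PUBLIC_PRINCIPALS:
                findings.append(f"{binding['role']} granted to {member}")
    iam_cfg = bucket.get("iamConfiguration", {})
    if iam_cfg.get("publicAccessPrevention") != "enforced":
        findings.append("publicAccessPrevention is not 'enforced'")
    if not iam_cfg.get("uniformBucketLevelAccess", {}).get("enabled", False):
        findings.append("uniformBucketLevelAccess is disabled (per-object ACLs can still grant access)")
    return findings


def harden_bucket(bucket: dict) -> dict:
    """Return a copy with public principals removed and bucket-level guards enforced."""
    fixed = copy.deepcopy(bucket)
    policy = fixed.setdefault("iamPolicy", {})
    kept = []
    for binding in policy.get("bindings", []):
        members = [m for m in binding.get("members", []) if m not in PUBLIC_PRINCIPALS]
        if members:  # drop bindings that granted only to public principals
            kept.append({**binding, "members": members})
    policy["bindings"] = kept
    iam_cfg = fixed.setdefault("iamConfiguration", {})
    iam_cfg["publicAccessPrevention"] = "enforced"
    iam_cfg["uniformBucketLevelAccess"] = {"enabled": True}
    return fixed


if __name__ == "__main__":
    for finding in audit_bucket(LEAKY_BUCKET):
        print("FINDING:", finding)
    print("after hardening:", audit_bucket(harden_bucket(LEAKY_BUCKET)) or "no findings")
```

The audit reports three findings for the constructed bucket (a public `objectViewer` grant, public access prevention not enforced, and uniform bucket-level access disabled); the hardened copy reports none. Enforcing public access prevention matters even after the binding is removed, because it blocks anyone from re-adding a public grant later.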
Critical Control Systems at Risk
Pharmaceutical and raw chemical manufacturing relies on sophisticated automated control systems to complete production batches with precision. According to SANS Institute research, these systems—including Programmable Logic Controllers (PLCs), Distributed Control Systems (DCS), and Supervisory Control and Data Acquisition (SCADA) networks—ensure the exact formulation and production of medicines, making them highly attractive targets for cyber threats.
Three Primary Attack Motivations:
- Intellectual Property Theft: Cybercriminals target medicine formulations and production processes stored in ICS/OT assets such as data historians or recipe management systems, seeking to steal valuable proprietary information.
- Industrial Espionage: Nation-state actors specifically target pharmaceutical companies to obtain proprietary drug formulas, representing a significant national security concern.
- Process Manipulation: Attackers modify control system parameters with potentially devastating consequences—creating unsafe drug compositions, causing safety incidents, or triggering compliance violations that could result in product recalls or regulatory sanctions.
Real-World Attack: The Cencora Breach
The February 2024 Cencora incident illustrates the interconnected nature of pharma cybersecurity risks. Hackers exfiltrated data from Cencora’s systems. Three months later, 11 major pharmaceutical companies—including AbbVie, Bayer, Genentech, GlaxoSmithKline, Novartis, and Regeneron—reported their own data breaches resulting from the Cencora compromise. This series of breaches underscores how a single cyberattack can create ripple effects across multiple organizations.
“At least 27 pharmaceutical companies were affected,” explains Steve Adler, Editor-In-Chief of The HIPAA Journal, about this wide-reaching breach. “[T]he stolen personal and protected health information included: names, addresses, dates of birth, Social Security Numbers, health and insurance information, financial information, transactional information, consumer profile information, racial/ethnic identity, political opinions, sexual orientation/identity, criminal history, IP addresses, other electronic identifiers, biometric information, genetic information, trade union membership information, and driver’s license and passport information.”
Expanding Attack Surface Through Industrial IoT
The pharmaceutical industry’s adoption of Industrial IoT (IIoT) has dramatically expanded the attack surface within manufacturing operations. According to Siemens, IIoT solutions gather, contextualize, and analyze data from various systems across production environments—creating extensive digital connections throughout pharmaceutical operations.
This interconnectivity, while enabling benefits like condition monitoring, Overall Equipment Effectiveness (OEE) measurement, predictive maintenance, and digital twin capabilities, also creates new entry points for cyber attackers. The need for scalability across multiple lines and plants, customized applications, and seamless integration between IT and OT systems means more software and firmware components are embedded throughout production lines.
Each connected sensor, monitoring system, and edge device represents a potential vulnerability that cybercriminals can exploit to target the software and firmware controlling critical pharmaceutical manufacturing processes. The very characteristics that make IIoT valuable—extensive connectivity, data sharing across systems, and integration at connectivity and edge levels—also multiply the opportunities for attackers to penetrate production environments and compromise manufacturing operations.
The data backs this up. Forescout Research – Vedere Labs found in its recent study of IoT security risks that:
- 65% of devices across organizations are traditional IT
- 11% are network equipment
- 24% are part of the extended IoT, including IoT and OT
- Industries with more extended IoT security risks have higher device diversity (more device functions, vendors, and operating system flavors):
  - 380 device functions, an average of 164 per organization
  - 5,653 vendors, an average of 1,629 per organization
  - 3,200 operating system versions, an average of 876 per organization
It’s a lot to track and secure.
Key Cybersecurity Vulnerabilities
Supply Chain Exposure
Attacks can originate from third-party vendors, leading to disruptions in logistics and distribution while potentially introducing counterfeit products or malware. The massive pharma supply chain includes employees, contractors, and potential malicious insiders who can intentionally or unintentionally cause data leaks or compromise systems.
Automation Tool Compromise
When automation tools—including robotics, AI, and automated process control systems—become compromised, they can impact critical operations across drug discovery and development, manufacturing and production, quality control and testing, compliance and process control, and packaging.
IT-OT Convergence Risks
OT assets such as drug manufacturing, processing, and packaging machinery have traditionally remained separate from corporate networks. Over the last two decades, however, OT systems have become increasingly digitally connected, raising risk exposure. Many OT systems lack modern security features, making them vulnerable to exploitation. When attackers compromise OT systems, they can cause operational disruptions that compromise physical safety.
8 Best Practices to Mitigate Cybersecurity Risks
- Train Employees: The first line of defense is employee training on recognizing phishing emails, authenticating suspicious communications, creating strong passwords, and keeping them secure.
- Adopt Two-Factor Authentication: This adds an additional security layer to login credentials, requiring users to provide two forms of identification before accessing systems or applications.
- Encrypt Data: Encryption renders data unreadable to anyone without the key, helping protect sensitive information such as patient data and drug formulas both in transit and at rest.
- Perform Regular Data Backups: Regular backups, kept isolated from the production network so that ransomware cannot reach them, allow companies to restore data rather than pay ransoms.
- Segment Networks: Network segmentation splits a network into smaller segments to limit the spread of cyberattacks, preventing attackers from accessing sensitive information and systems.
- Inventory and Patch Network-Attached Devices: Adopt agentless tools to discover and inventory all devices that attach to the network, gathering compliance information on each device and its security patching needs.
- Conduct Penetration Testing: Testing cybersecurity measures identifies vulnerabilities that attackers could exploit, helping companies address potential weaknesses in their security infrastructure.
- Follow Relevant Regulatory Standards: IEC 62443 is a globally recognized series of standards for industrial automation and control systems (IACS), serving as the basis for comprehensive defense strategies. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) encourages organizations to adopt IEC 62443 to mitigate risks in OT environments. The NIST Cybersecurity Framework follows a risk-based approach aligned with system lifecycles: identify risks, protect systems, detect threats, respond quickly, and recover smoothly. Organizations should also implement 21 CFR Part 11 for secure electronic systems and ISO 27001 for information security management.
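The "Segment Networks" and "Inventory and Patch Network-Attached Devices" practices above can be checked against observed traffic. The following is an added example, not code from the article or from Forescout: it models a plant as IEC 62443-style zones with an explicit allowlist of conduits between them, then runs constructed flow records through the policy and reports inter-zone traffic with no allowed conduit and OT-zone addresses missing from the asset inventory. The address plan, zone names, hostnames, ports and sample flows are all assumptions made for the example.

```python
"""Check constructed flow records against a zone/conduit allowlist and an OT asset inventory."""
from ipaddress import ip_address, ip_network

# Hypothetical plant addressing plan (assumption for this example, not from the page).
ZONES = {
    "enterprise_it": ip_network("10.0.0.0/16"),
    "dmz":           ip_network("10.1.0.0/24"),
    "supervisory":   ip_network("10.2.0.0/24"),  # SCADA servers, HMIs, data historian
    "control":       ip_network("10.3.0.0/24"),  # PLCs and DCS controllers
}
OT_ZONES = {"supervisory", "control"}

# Conduits allowed to cross a zone boundary: (src_zone, dst_zone, dst_port) -> purpose.
# Anything inter-zone that is not listed here is a violation; intra-zone traffic is allowed.
ALLOWED_CONDUITS = {
    ("enterprise_it", "dmz", 443):     "MES/ERP reads the historian mirror in the DMZ",
    ("dmz", "supervisory", 443):       "DMZ mirror pulls from the plant historian",
    ("supervisory", "control", 502):   "SCADA/HMI polls PLCs over Modbus/TCP",
    ("supervisory", "control", 44818): "SCADA/HMI talks EtherNet/IP to controllers",
}

# Hypothetical OT asset inventory: every address in an OT zone must appear here.
INVENTORY = {
    "10.2.0.10": "HMI-LINE1",
    "10.2.0.11": "HISTORIAN-01",
    "10.3.0.5":  "PLC-FILL-01",
    "10.3.0.6":  "PLC-PACK-01",
}

# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = [
    {"src": "10.2.0.10",   "dst": "10.3.0.5", "dport": 502},  # HMI -> PLC over an allowed conduit
    {"src": "10.0.5.20",   "dst": "10.3.0.5", "dport": 502},  # IT workstation straight to a PLC
    {"src": "10.3.0.6",    "dst": "10.0.0.1", "dport": 443},  # PLC initiating outbound to IT
    {"src": "10.3.0.99",   "dst": "10.3.0.5", "dport": 502},  # uninventoried device in the control zone
    {"src": "192.168.7.4", "dst": "10.3.0.5", "dport": 502},  # address from no defined zone
]


def zone_of(ip: str):
    """Return the zone name containing ip, or None if it is outside every defined zone."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def check_flow(flow: dict) -> list:
    """Return the policy findings for one flow; an empty list means the flow is compliant."""
    findings = []
    src_zone, dst_zone = zone_of(flow["src"]), zone_of(flow["dst"])
    if src_zone is None or dst_zone is None:
        findings.append("address outside any defined zone")
        return findings  # cannot evaluate conduits without both zones
    for end, zone in (("src", src_zone), ("dst", dst_zone)):
        if zone in OT_ZONES and flow[end] not in INVENTORY:
            findings.append(f"{end} {flow[end]} in zone {zone} is not in the OT inventory")
    if src_zone != dst_zone and (src_zone, dst_zone, flow["dport"]) not in ALLOWED_CONDUITS:
        findings.append(f"no conduit allows {src_zone} -> {dst_zone} on port {flow['dport']}")
    return findings


def check_flows(flows) -> list:
    """Return (flow, findings) pairs for every flow that violates the policy."""
    violations = []
    for flow in flows:
        findings = check_flow(flow)
        if findings:
            violations.append((flow, findings))
    return violations


if __name__ == "__main__":
    for flow, findings in check_flows(SAMPLE_FLOWS):
        print(f"{flow['src']} -> {flow['dst']}:{flow['dport']}")
        for finding in findings:
            print("   ", finding)
```

Of the five constructed flows only the first is compliant; the other four each produce one finding. The same allowlist can be turned directly into firewall or switch ACL rules, and the inventory check is the reason discovery has to come before segmentation: a device you have not inventoried cannot be placed in the right zone.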
How Forescout Helps
Forescout provides the platform needed to control security posture with real-time oversight across industrial environments and distributed infrastructure—including cloud and extended partner value chains.
Forescout takes a Zero-Trust approach by combining complete device visibility, proactive network segmentation, and least-privilege access control of all digital assets—devices, users, apps, and workloads. The Forescout 4D Platform™ enables effective management of cybersecurity, operational, and compliance risks by:
- Providing complete visibility into managed and unmanaged IT, IoT, and OT devices as well as all IP-connected systems
- Assessing and identifying IoT and OT assets with factory-default or weak credentials and automating policy actions to enforce strong passwords
- Performing deep packet inspection of 350+ OT/IoT and common IT protocols
- Providing real-time insight into device communication and risky behavior across the extended environment
- Segmenting devices into trusted zones by enforcing least-privilege access through zero trust policy
- Automating universal Zero Trust network access and policy orchestration across multivendor environments and multiple network domains
- Eliminating security management silos to accelerate response and maximize the value of security investments
- Helping organizations proactively detect and reduce vulnerabilities, granularly enforce segmentation and network access rules, and immediately contain IoT device threats while facilitating remediation
This comprehensive approach ensures that organizations have real-time insights into IT, IoT, and OT assets and can respond proactively to potential security threats.
Want the latest in threat intelligence including for manufacturers? Sign up for the Vedere Labs Threat Feed and get the full context of these threats in our monthly newsletter.