Life Science Cyber Criminals don’t want your money - they want your IP

Olivier Moll
Post by Olivier Moll
November 24, 2020
Life Science Cyber Criminals don’t want your money - they want your IP

The real target for cybercrime is an organisation’s intellectual property (IP) - but what can you do about it?

Today, cybercrime affects every business in every industry. Stolen information, data ransom and DDoS attacks have become a serious consideration as a matter of daily business. However, Life Science organisations have to defend an entirely different kind of asset - their intellectual property.

Life Sciences and cybercrime

From 2014 through the first half of 2018, most data breaches affected private businesses and medical/healthcare organisations.

This trend has continued to expand well into the future. In 2019 alone, the US healthcare sector saw over 41 million patient records breached - with a single hacking incident affecting close to 21 million records. This points to a 173% increase from 2018’s incidents which totalled 15 million breaches. In 2020, 3.8 million breaches marked the first half of the year, with the second half still being tallied. It’s clear that cybercrime is on the rise for the Life Sciences industry. However, the intended target is not just patient data or the organisation’s credit card. It’s something more valuable - the intellectual property of the companies themselves.

This is because the life science industry has all the attributes a cybercriminal seeks for a high-value target. The vast majority of life science companies are heavily tech-reliant, deal with large amounts of data, contain valuable trade secrets and generate vast amounts of revenues. Today’s medical records are over ten times more valuable to hackers than credit card details.

Why is intellectual property a prime target?

According to Deloitte, 95% of all Life Science cyber-attacks aim at stealing intellectual property. IP information is precious, and the loss of such can mean the end for a life science company. Up to 80% of a life sciences company's value rests in its IP – rising to almost 100% for smaller organisations.

Leaks or theft of intellectual property can lead to loss of competitive advantages, loss of revenue and lasting financial and reputational damage. The information lost can include patents, designs, copyrights, trademarks and trade secrets. Criminals can sell or ransom this data for a fortune, with Deloitte estimating the value of such data to be upwards of $295 - $363 million.

Intellectual property is also highly valued by foreign powers. For example, according to a May 2017 Department of Justice press release, A Chinese spy stole IP data from a US storage technology company for the benefit of China’s health system, the National Health and Family Planning Commission. He was later caught in 2017 when he boasted about the software he used to steal and sell the proprietary software to undercover police officers. The spy pleaded guilty to three counts of economic espionage and was sentenced to five years in prison. He stated that the intention behind his actions were both for his profit and to benefit the Chinese government.

In short, intellectual property is valuable - to life organisations themselves, their competitors and even foreign adversaries.

The consequences of IP theft

The damage that IP theft can cause a life science organisation is hard to calculate, and for different cases and IPs could have vastly different consequences. However, IP theft can generally influence two primary aspects:

Clinical Trials

Clinical trials are often related to significant value drivers of M&A decisions. This data is critical to bringing a drug to market and involves massive investment and effort on behalf of an organisation.

The theft of IP impacts trials in two ways:

Firstly, to replan and repeat clinical trials can cost an organisation millions of dollars, and the delay it causes can eliminate the viability of a product if a competitor reaches consumers first.

Secondly, if an IP is wholly compromised, leaked or stolen, the viability of the entire company or product could be called into question by investors.

Mergers and acquisitions (M&A)

Mergers and acquisitions (M&A) activity is a crucial business model within Life Sciences. It is one of the most common ways for large enterprises to expand their operations and offerings.

However, cyberattacks on life science companies can knock as much as 20% off the valuation of a company, and share prices can potentially fall by 5%. Almost a quarter of global dealmaker respondents expected M&A deals to fail following a successful cyberattack that affected IP.

How can life science organisations protect themselves?

To understand how life science organisations can protect themselves, you first have to know how modern IP theft works. The internet, as we know it, sends data by automatically selecting the fastest route possible to its destination. The easiest way for a cybercriminal to steal that data is to simply create a fake route promising shorter travel to the intended destination. Once the data has accepted this route, criminals can intercept it and harvest the information.

For life science organisations, this is a critical risk for many factors. In addition to IP theft, this kind of cybercrime could result in:

  • Operational disruption
  • Drop in company valuation
  • Regulatory offences
  • Civil suits and litigation

To protect their data and IPs while remaining connected online, life science organisations will have to take back control over their data and how it travels. The ability to stop automated travel of data based on the shortest route is the first, and most essential step towards securing data online. Anapaya’s solutions offer this ability through the Next-Generation Internet.

Anapaya’s next-generation connectivity solutions offer life science organisations the ability to select which networks their sensitive medical data passes through. This way, businesses may operate within secure, traceable and reliable networks where BGP hijacking and routing attacks are impossible.

For example, organisations wishing to avoid specific geographical locations with reputations for cybercrime may choose to avoid these areas before sending or decide to avoid poorly regulated countries or networks entirely.

If you would like to secure your intellectual property and get serious about your organisation’s data and patient records, consider Anapaya. Anapaya’s Next-Generation Internet is the key to staying compliant and safe from cybercriminal activities. Visit our website to find out more or contact us today.

Olivier Moll
Post by Olivier Moll
November 24, 2020
French in his core, Olivier loves cooking and traveling with his family.