Indian Pharmaceutical Company Investigates Security IncidentDr. Reddy's Laboratories Says Plants in Four Countries Affected
Dr. Reddy's Laboratories a multinational pharmaceutical company based in India that’s working on testing a COVID-19 vaccine, says it isolated its data center services Thursday following what it calls a "detected cyberattack."
The announcement comes less than a week after the pharmaceutical company announced it had won approval to run clinical trials of the Russian-developed Sputnik-V COVID-19 vaccine in India, according to Bloomberg.
Dr. Reddy's Laboratories shut down plants in India, Brazil, Russia and the U.K. after the security incident, according to The Economic Times, which cited unnamed sources.
"In the wake of a detected cyberattack, we have isolated all data center services to take required preventive actions," according to a statement the company provided to Information Security Media Group.
Mukesh Rathi, CIO of Dr. Reddy’s Laboratories, noted in the company's statement that the pharmaceutical firm anticipates its data centers will remain offline for about 24 hours and that the security incident will not have a long-term effect on the firm's operations.
A spokesperson for the pharmaceutical firm declined to comment further.
Brett Callow, a threat analyst at security firm Emsisoft, says cybercriminals are increasingly targeting companies involved with COVID-19 vaccine or treatment development.
"Research is valuable, both as a commodity and as leverage," Callow notes. "This is especially true for COVID vaccine research and, consequently, it seems highly likely that any company or academic body engaged in such will be specifically targeted by either state and/or nonstate actors."
Indian Security Incidents
The breach at Dr. Reddy's Laboratories is the second significant security incident in the Indian healthcare sector in recent weeks.
Earlier, a security researcher disclosed that an unsecured Amazon Web Services S3 bucket potentially exposed 50GB of patient data belonging to Dr Lal PathLabs (see: Unsecured AWS Database Left Patient Data Exposed).
The exposed data included notes related to the results of COVID-19 testing and other lab test results as well as patients' names, dates of birth, addresses and mobile phone numbers, according to news reports.
Rohan Vaidya, regional director for India at security firm CyberArk, says pharmaceutical and healthcare firms should be protected as part of the "critical infrastructure" - just like power plants and water treatment facilities.
"While details of how the breach happened and what - if anything - was compromised are not yet clear, pharmaceutical organizations must be cognizant of the inherent value in what they do, whether it is vital - and high-value - research or manufacturing key drugs and treatments," Vaidya tells Information Security Media Group.
Vaidya recommends companies rotate high-value privileged credentials and limit the number of employees who have access to sensitive data to ensure that threat actors can't guess or brute-force passwords.
Other companies that are conducting or supporting clinical trials of COVID-19 vaccines have also been targeted by hackers.
For example, Philadelphia-based eResearchTechnology, which provides clinical trial oversight software to drugmakers and testing firms, recently was hit by a variant of the Ryuk ransomware (see: Ransomware Attack Hits Clinical Trial Software Vendor).
Executive Editor Marianne Kolbasuk McGee contributed to this report.