A fortnight after Dr Reddy’s Laboratories said it had “isolated” its data centre services after a cyber attack, Mumbai-based Lupin became the second major Indian pharmaceutical company to be hit by a similar attack.
Several industry executives told The Indian Express on Friday that while cyber attacks are not new, at least in the West, they have become more common as the world grapples with the Covid-19 pandemic. Indian pharma companies, currently plugged into the global supply chain for potential Covid-19 vaccines, have become more vulnerable, the experts said. More such attacks could be on the way, they warned.
Indian pharma companies have moved most of their documentation and manufacturing processes data to the digital space over the last decade, said the executive of an Indian vaccine firm on condition of anonymity. The threats from such digitisation were flagged last year, when cyber security solutions firm Kaspersky had reportedly ranked India as the sixth most vulnerable country where drugmakers were open to attacks from cyber criminals.
The growing importance of Indian pharma companies in delivering affordable medicines on a large scale during the pandemic may be attracting increased attention from cyber criminals. The rising threat, evidenced in increased attacks on global healthcare services and research firms, could also be attributed to the fact that India is among the countries in front of the race to find a cure or vaccine for the virus, some experts feel.
Dr Reddy’s reported the cyber attack days after it was approved to conduct phase 2/3 trials in India of Sputnik V, a vaccine candidate developed by a Russian research institute. The attack led the Hyderabad-headquartered firm to isolate all its data centres and related services to take preventive actions.
Lupin is not involved in vaccine development. However, earlier this year it launched its own version of favipiravir, a drug that is prescribed by many doctors to treat mild to moderate Covid-19 symptoms.
Apart from Lupin, another Mumbai-based firm with a pharma subsidiary too is learnt to have been hit by a cyber attack recently.
“We have experienced a fifteen-fold increase in cyber attack attempts on our own servers in the last 4-5 months, and our IT team has been working day and night to keep them out,” an executive of the company said. “My guess is that especially with efforts worldwide for a Covid-19 vaccine, the attempts are to try and steal data related to the development of candidates or clinical trial information,” this executive added.
A Vaidheesh, a former managing director and vice president-South Asia for GlaxoSmithKline Pharmaceuticals, said the cyber attacks have to be “recognised as a big threat because Indian pharma companies are exposed internationally and are exporting to many countries with a significant competitive position”.
“It’s time that companies here strengthen their cybersecurity measures because what has happened to these two companies could happen to anyone with vulnerable systems,” Vaidheesh said.
Both Lupin and Dr Reddy’s have maintained that their core operations were not impacted as a result of the attacks.
“This issue has been on the rise for the last three-four years, especially in the West, but the pandemic has accelerated this process. Now everyone is connected digitally, including in India at a rapid pace, and the chances of security lapses are higher and could be a big blind sight,” Vaidheesh said.
Globally, there has been a 605 per cent increase in Covid-19 related cyber disruptions, with an average of up to 419 malware threats per minute on companies and individuals, according to a recent report by cyber security software company McAfee. Attacks on firms engaged in research, science and technology increased 19 per cent in the period from July to September, the report said.
Some Spanish research laboratories, and multi-national chains such as Universal Health Services, which operates and manages hospitals in the US and UK, have been targeted by malware attacks in attempts to steal Covid-19-related information, it has been reported.
The McAfee report said India faced 425,000 cloud security breaches and related cybersecurity incidents during July-September. Experts believe the actual number may be more as, in the near absence of compliance standards, many attacks were not being reported.
Globally, only 561 incidents of cybersecurity breaches have been publicly reported to governments and regulators until November, according to the McAfee report.
The rise in cybersecurity incidents is not limited to pharma companies, G V Anand Bhushan, Partner at Shardul Amarchand Mangaldas, said.
“The question is not Indian pharmaceutical, tech or banking. Cyberattacks are happening across many sectors. India is a very high-level target for phishing attacks as well as industrial espionage. It is not just related to pharma. It is commensurate with the increasing size of the Indian economy,” Anand Bhushan said.
📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines