Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Pharmaceutical Firms. Show all posts

Granules India in Huge Loss After Cyber Attack Erodes Top Line

 

Granules India (GRAN.NS) issued a warning on Thursday regarding a huge loss in revenue and profitability as a result of a cyber security incident the pharmaceutical firm experienced in the latter part of May. 

The IT security breach caused a considerable disruption in its business operations because of extensive adjustments to its IT infrastructure, the manufacturer of paracetamol claimed in an exchange filing. Granules India disclosed the information security incident on May 25 and added that the affected IT assets have been contained. 

The company reported that it has now been able to get production up to levels that were close to normal, but it also noted backlogs and delays in getting materials cleared for quality system approvals before shipping the goods. 

LockBit, a ransomware gang linked to Russia, has claimed responsibility for a hack on Indian pharmaceutical giant Granules India and uploaded some of the data it allegedly stole. 

A leading maker of pharmaceuticals in India since its founding in 1984 is Granules India. Many generic medications, including paracetamol, ibuprofen, and metformin, are produced by the Hyderabad-based firm. Moreover, according to information on the company's website, it has more than 300 clients in more than 80 different nations.

The quarterly earnings for the quarter ended March 31 increased 7.8% to $14.6 million, according to a report released by Granules India in May. Shares of the business finished Thursday at $3.50, down marginally from the previous trading day's closing price of $3.48. 

Lockbit spreading wings

According to a recently published joint advisory from the U.S. federal cybersecurity organisation CISA and its international counterparts in Australia, Canada, France, Germany, New Zealand, and the United Kingdom, LockBit emerged as the most frequently utilised ransomware version worldwide in 2022 and 2023. In January 2020, Russian-language cybercrime forums were the first place where the ransomware gang was identified.

The ransomware group has recently made attacks on a number of well-known tech firms, including IT services provider Accenture, electronics producer Foxconn, U.K. health service provider Advanced, and British postal agency Royal Mail. Other victims of the ransomware group include the financial software company Ion Group, the Los Angeles Housing Authority, and the state of California's finance department. 

LockBit threat actors have extorted about $91 million in ransoms through nearly 1,700 attacks targeting U.S. victims since 2020, according to a recent U.S. and foreign joint advisory.

GoodRx Made Money On Your Behalf, FTC is Making It Pay


GoodRx put user privacy at risk

GoodRx has not done a good job when it comes to your privacy. The Federal Trade Commission has charged a heavy fine and an agreement that will bring in various privacy measures. 

If you're among the people who used GoodRx to get discounts on your medications, the prescription shopping website might've done more than what you bargained for. GoodRx sent your personal health data to tech companies like Meta and Google for advertising purposes as well as the data brokers. 

FTC charged GoodRx

The FTC recently announced that GoodRx has agreed to pay a $1.5 million fine and implement various measures to ensure that the company no longer sends health data for advertising purposes. GoodRx has agreed that it will take user consent before sharing health data for other purposes, and also to get in touch with the third parties with whom it earlier shared sensitive info to delete that data. 

Consumer Reports said, "to determine how GoodRx shares data, we monitored traffic using a data packet-capturing tool to observe the company's Android mobile app and website as we searched for deals on a number of prescription medications."

Several of the company’s business partners received the names of the medications, along with ID numbers and other information that can be used to single out individuals. The data can reveal intimate information that many people would keep private from all but their close friends and family.

The FTC alleged that GoodRx shared names of medications people were looking for on the application, it has been accused of sending lists to Meta, which includes identity info of users who bought certain medications, Meta used it to target users with ads. 

“Digital health companies and mobile apps should not cash in on consumers’ extremely sensitive and personally identifiable health information. The FTC is serving notice that it will use all of its legal authority to protect American consumers’ sensitive data from misuse and illegal exploitation," Samuel Levine, director of the FTC’s Bureau of Consumer Protection, said in a statement." 

When did GoodRx malpractices surface?

Some of GoodRx's practices were first disclosed in February 2020 by reports from Gizmodo and Consumer Reports, which explained how user data was being sent to third parties. GoodRx apologized for it, saying the data wasn't used for targeting ads and implemented some privacy measures. 

Vox said "That seemed to be the end of it, as GoodRx operates in a digital privacy gray area. Though it may collect the same data that pharmacies, doctors, and health insurance companies do, in most cases it’s not beholden to the same health privacy laws — namely, HIPAA, the Health Insurance Portability and Accountability Act. Even when HIPAA didn’t apply to GoodRx, the FTC says that the company gave users the impression that it did by putting a little “HIPAA” icon on its website."


Exposed Corporate Credentials Endanger the Pharmaceutical Industry

 

Constella Intelligence published a report that includes fresh and additional information relevant to pharma sector exposures, breaches, and leakages, with a specific focus on employees and executives from the top twenty pharma firms on the Fortune Global 500 list. 

The report examined eighteen prominent pharmaceutical corporations and their nine hundred plus subsidiaries around the world to assess the presence of exposures of services, sensitive platforms, unpatched CVEs, and other security vulnerabilities. Among the major insights were some alarming numbers, such as 92% of pharmaceutical organisations having at least one exposed database with possible data leakage and 46% having an exposed SMB service. SMB flaws have already been used in prominent assaults such as WannaCry, NotPetya, Nachi, and Blaster worms. 

In 70% of the pharmaceutical M&A deals examined in 2020, the newly acquired subsidiary had a detrimental impact on the parent company's security posture, introducing tens, if not hundreds, of sensitive unprotected and unpatched services. 

The threat intelligence team identified 9,030 breaches/leakages and 4,549,871 exposed records—including attributes such as email addresses, passwords, phone numbers, addresses, and even credit card and banking information—related to employee corporate credentials from the companies examined by analysing identity records from data breaches and leakages discovered in open sources and on the surface, deep, and dark web. 

The proliferation and distribution of this sensitive employee data provides threat actors with the resources they need to carry out a wide range of cyberattacks, including impersonation, phishing, account takeover, and a variety of others that can lead to more sophisticated attacks like ransomware or coordinated disinformation campaigns. 

“The pharma sector’s role within the healthcare ecosystem, especially with today’s public health needs, only emphasizes how critically important it is that these companies protect themselves from cyber threat actors,” said Constella Intelligence CEO, Kailash Ambwani. “As we have seen before, only one exposed employee credential can lead to a company having their systems or supply chain shut down by a data breach leading to a ransomware attack, resulting in a shortage of life-saving supplies.”

Because of their intellectual property and confidential information, as well as their critical role in creating life-saving treatments, pharmaceutical firms are high-value targets for threat actors. The pandemic-driven shift toward remote workforces, combined with accelerating operational digitization, has increased the overall digital footprint of enterprises in this industry, resulting in more digital vulnerabilities and risk.

A Data Breach To An AWS Portal Glitch By Ravkoo, A US-based Online Pharmacy

 

Ravkoo, an online prescription filling service, suffered a data breach, exposing health and other sensitive information. The company's prescription interface is hosted by Amazon Web Services (AWS). 

A security incident occurred in a specific instance that saved prescription information, allowing the information to be easily accessed. The unauthorized access occurred in September 2021, and the Ravkoo security team discovered it in October of that year. 

On January 3rd, 2022, around 150,000 potentially affected customers received breach notification letters. Ravkoo has discovered no cause to assume the exposed data was spreading or being utilized for nefarious activities at the time of writing their public statement, but that could change. The FBI and other authorities have been notified, and they are working with Ravkoo to investigate the situation further to determine who may be responsible. 

"Ravkoo has no indication that any of your personal information has been or will be exploited as a result of this occurrence at this time. Nonetheless, out of an abundance of caution, Ravkoo chose to alert you about this incident," according to Alpesh Patel, the online pharmacy's CEO, because it hasn't received any reports of identity theft relating to the data breach since September 27, the date of the incident. Ravkoo also claims to have reported the event to the appropriate authorities and to be working with forensic experts to examine the issue and improve its security posture. The hacker also provided records of 340,000 prescriptions written by Ravkoo between November 3, 2020, and September 11, 2021, totaling $8.5 million in medicine prices, according to Micah Lee of The Intercept. 

Ravkoo's identity monitoring services are available to users who may have been affected by the breach. The scope of the exposed data has not been released, however, the concerned parties should report any unlawful activity they see. Health information can be sold and exploited to commit medical identity theft, as we discussed earlier this week. For those who have their information utilized unlawfully, this might result in a variety of problems. Following an occurrence like this, it's critical to remain vigilant.

Over 92% of Pharmaceutical Firms are Prone to Cyber Attacks, New Report Highlights

 

Reposify, the leading external attack surface management platform published its Pharmaceutical Industry Attack Surface Exposures Report analyzing the security status of the world’s leading pharmaceutical firms and their 900-plus branches.

Data analysts at Reposify examined the data covering a two-week period in March 2021 and discovered that 92% of the pharmaceutical companies had at least one exposed database with potential data breach, while 46% had an unmasked Server Message Block (SMB) service. 

SMB is a communication protocol that allows networks within the same system to share files. It also offers an authenticated inter-process communication mechanism. The last time when SMB services were exploited was the infamous 2017 WannaCry cyberattack, targeting 80 NHS trusts across England. 

The Department of Homeland Security and Cybersecurity and Infrastructure Security Agency (CISA) issued an early warning in the response that attackers were leveraging password spraying campaigns in order to target pharmaceutical companies, research firms, and other health care organizations involved in the COVID-19 response. 

Last year, threat actors targeted 53% of pharmaceuticals or biotech companies, including the European Medicines Agency, which led to a breach of Pfizer and BioNTech COVID-19 vaccine data. The average cost of a pharmaceutical industry breach stood at $5.06m in 2020, a sum 1.3 times higher than the global average. 

“The pharmaceutical sector is one of the largest contributors to the global economy and human welfare. But pharmaceutical companies are struggling to protect their distributed network perimeter from increased cyber-attacks coming from well-funded and well-organized hacking groups on the hunt to steal and hold valuable, confidential data for ransom or other nefarious acts,” said Uzi Krieger, CEO of Reposify. 

“COVID-19 is still ravaging parts of the world, variants are spiking, and the safety of clinical research, manufacturing and supply chains have never been so important to humanity, and yet, pharmaceutical companies remain ill prepared and unsecured, spiraling the industry into red level vulnerability to external attacks, “ Krieger added. 

Luckily, of all security flaws uncovered, 72% were categorized in a low-risk category. However, 15% were classified as critical, 7% were high-risk, and 6% were medium risk. The median number of high-severity risks for each firm was 269, while the median of critical flaws per company was 125. These risks were linked to vulnerable software (38%), improper access controls (33%), and potential DDoS (23%), among others.