Keeping vaccines safe from cybercriminals
During the Covid pandemic, the healthcare sector has been a hot target for ransomware attackers who are looking to make hay from the challenges faced by the sector. It should perhaps come as no surprise that malicious hackers have also been targeting the vaccine infrastructure that has played such a crucial part in tackling the pandemic.
For instance, in December 2020 the European Medicines Agency reported that data on the Pfizer vaccine was stolen in a cyberattack, with the data then illegally published online.
“Today, we were informed by the European Medicines Agency (EMA) that the agency has been subject to a cyber attack and that some documents relating to the regulatory submission for Pfizer and BioNTech’s COVID-19 vaccine candidate, BNT162b2, which has been stored on an EMA server, had been unlawfully accessed. It is important to note that no BioNTech or Pfizer systems have been breached in connection with this incident and we are unaware that any study participants have been identified through the data being accessed,” the company said in a statement.
Targeting the supply chain
The vaccine developers themselves were not the only stakeholders targeted by malicious hackers, with IBM revealing that it had been tracking a cyberattack on the "cold chain" network used to transport vaccines from the manufacturing facility to the surgeries, hospitals, and pharmacies where they are administered to the public.
The company revealed that the campaign began in September 2020 and was delivered via a phishing attack distributed across six countries.
The attack targeted organizations in the Cold Chain Equipment Optimisation Platform (CCEOP) of the international vaccine alliance, Gavi.
The Pfizer vaccine needs to be kept at around -70°C, which makes both transportation and storage prior to administration a challenge. The infrastructure across the cold chain uses an array of electronics to help achieve that, and this electronic infrastructure is unfortunately incredibly vulnerable to hacking.
Keeping supplies safe
A recent paper from researchers at the University of Michigan outlines a number of things those across the cold chain can do to keep things as safe and secure as possible. The study was originated by a major health system and highlighted the range of vulnerabilities faced by those in the sector. For instance, they identified the potential for attackers to use the kind of electromagnetic interference generated by a simple walkie-talkie to trick temperature sensors into giving out incorrect readings. This could then suggest that the vaccine has been spoiled by virtue of being too warm to use, or it could even cause the freezer to malfunction and spoil the vaccines inside.
The researchers identify a number of relatively straightforward measures that can be taken to protect against vaccine supply attacks.
The first step is to restrict who has access to crucial data, such as that held in the temperature displays. Attacks against such interfaces are often a case of trial and error, and hackers may try a range of different forms of electromagnetic interference to manipulate the display. If the displays are made less visible, the attacker cannot easily see whether an attempt has had any effect, and the attack instantly becomes harder to pull off. So consider moving the displays, restricting real-time readouts, and limiting access to the areas where the displays are visible.
Stakeholders should also work to keep details about the particular sensors being used as confidential as possible. The authors argue that it is much easier to hack a network when you know the components used, not least because practice attempts can be made on duplicated setups. Keeping details of the temperature sensors secret helps to counter this approach.
Hackers can also be thrown off the scent by both keeping the locations of sensors confidential and ensuring they’re moved on a regular basis. Successful attacks require the electromagnetic interference (EMI) device to be placed within a certain distance of the sensor, so making it harder for the attacker to know precisely where the best place might be can be a good deterrent. This can even involve something as simple as placing equipment in the center of rooms to make it harder for attacks to occur from adjoining rooms.
Cold chain operators could also consider reducing the sensor sampling rate as much as possible. The authors highlight that most temperature sensors take their measurements at a preset rate, which can give hackers more opportunities to hijack and manipulate the readings. Reducing the sampling rate to the lowest needed to function effectively reduces the amount of data for the hackers to target.
The final recommendation is to utilize sensors that are less vulnerable to attack by electromagnetic energy. Traditional thermocouple sensors are more susceptible than newer approaches, such as chemical-based temperature indicators or on-chip integrated temperature sensors.
Supply chains have become increasingly targeted by cybercriminals during the Covid pandemic, and the vaccine cold chain is no exception. Thankfully, some reasonably straightforward measures can help to limit the risk as much as possible and ensure the vaccines and other medicines we so rely on reach us safe and sound.