Cyberattacks could cause companies billions in damage. Life Sciences companies, which usually hold highly sensitive and valuable data, are particularly desirable targets for cybercriminals.
During the COVID-19 pandemic, state-backed hackers from China, Russia, and North Korea allegedly tried to steal COVID-19 research data from other countries 1, 2, 3. In one unsuccessful attempt, AstraZeneca’s staff were approached by suspected North Korean hackers with fake job offers 3. They were sent job description documents that contained malicious code designed to gain access to the victim’s computer.
R&D progress information from publicly traded Life Sciences companies often causes large swings in stock values 4. In the mid-2010s, cybercriminal groups, such as FIN4 and Butterfly, targeted biopharmaceutical companies to access stock-moving insider information and gain a stock-trading advantage 4, 5. Major pharmaceutical companies have reportedly been affected.
Apart from the loss of valuable information, companies must also be prepared for the operational disruptions that come with these attacks. In 2017, Merck and Co. (MSD in the UK) was attacked by Russian hackers as part of Russia’s retaliation against companies working in Ukraine 6. This disrupted its worldwide operations, including a vaccine plant shutdown, requiring the company to borrow vaccine doses from the US government to fulfil orders. The company reported that the attack caused US$1.4B in damage 7.
Similarly, a cyberattack affecting medical device maker Stryker in March this year caused delayed product delivery, forcing doctors to postpone some surgeries 8. The attack was performed by a pro-Iranian group in response to the US-Israeli attack. This demonstrates that cyber-defence is important not only to protect intellectual property, but also because the resulting operational disruptions could harm people’s lives. It also shows the industry’s exposure to geopolitically motivated attacks.
The rapid advancements in artificial intelligence in recent years have ushered in an era of AI-powered cyberattacks with increasing speed, scale, and sophistication 9. In late April this year, Anthropic revealed Claude Mythos - its most powerful AI model yet 9, 10. Mythos can identify vulnerabilities within existing computer systems/networks with unprecedented speed and efficacy, then suggest ways to exploit these weaknesses. It has reportedly spotted thousands of weaknesses in every major operating system/browser - gaps that have been missed over decades of human reviews 9. While users could use the insights provided by Mythos to patch existing gaps and enhance their cybersecurity, malevolent actors could use them to launch destructive cyberattacks.
Given the potential risk to the public, Anthropic has decided to restrict Mythos access to only carefully selected partners. Nevertheless, it might only be a matter of time before ill-intentioned actors get their hands on similar tools. This also comes at a time when geopolitical tensions are high and escalating.
Life Sciences companies are now facing increasing cybersecurity risks due to technological advancements and rising geopolitical tensions. Contingency and continuity plans must be updated to include more potential scenarios. Leaders must stay up to date with the latest cybersecurity advancements and update the organisation’s systems as appropriate. Cybersecurity standards for suppliers and contractors must be set to avoid disruptions spreading through ripple effects.