Drug Lab Cyberattack Puts Spotlight on IP Theft Threat

Charles River Laboratories Says Some Clients' Data 'Copied' by Hackers
Drug Lab Cyberattack Puts Spotlight on IP Theft Threat

In what may be a case of industrial espionage, Massachusetts-based drug development company Charles River Laboratories has reported unauthorized access to portions of its information systems and the copying of data by an intruder.

See Also: Cybersecurity for the SMB: Steps to Improve Defenses on a Smaller Scale

In an April 30 8K filing with the Securities and Exchange Commission, Charles River Laboratories says it has notified clients of the incident.

"While the investigation is ongoing, the company has recently determined that some client data was copied by a highly sophisticated, well-resourced intruder. The number of clients whose data is known to have been copied represents approximately 1 percent of Charles River's total number of clients," the statement says.

"The percentage of clients affected does not necessarily equate to the potential revenue or financial impact related to this incident, which the company has yet to determine. There is no indication at this time that any of the client data the company has identified as having been accessed during this incident was deleted, corrupted or altered. Charles River has taken steps to contact all clients whose data is known to have been copied."

Innovative Work

The apparent pilfering of client data raises potential concerns because of the innovative nature of the company's work, spotlighting the possibility the lab was a target for corporate espionage or IP theft.

A Charles River Laboratories spokeswoman says the company is not divulging any additional details about the number of clients or individuals impacted, or the type of data impacted, beyond what's mentioned in the SEC filing.

She acknowledges, however, that the incident is not reportable under the HIPAA Breach Notification Rule because no patient information was compromised.

Charles River Labs is involved in "early stage, early discovery drug development" before clinical trials begin, she explains.

The spokeswoman declined to comment on whether intellectual property theft is a suspected motive of the attack.

Other Targets

In a statement posted on Charles River Lab's website, the company says that U.S. law enforcement has indicated that other organizations have been targeted by similarly "sophisticated, well-resourced intruders."

The Wilmington, Mass-based company reported $2.27 billion in revenue in fiscal 2018 and says it supported the development of more than 85 percent of the drugs approved by the Food and Drug Administration last year.

"A well-resourced nation-state or other organized crime group could easily accelerate a competing product or service, eclipsing a company's growth or continuing existence."
—Steven Teppler, Mandelbaum Salsburg P.C.

Its clients include "leading pharmaceutical, biotechnology, agrochemical, government and academic organizations around the world. Its services include basic research, discovery, safety and efficacy, clinical support and manufacturing, the company's website says.

The Investigation

Charles River Labs in its SEC filing notes that it detected unusual activity in its information systems in mid-March and launched an investigation into the incident, coordinated with U.S. federal law enforcement, and engaged leading cybersecurity experts.

The drug development firm also says it began to "promptly implement a comprehensive containment and remediation plan," the SEC filing notes.

"The company continues to move aggressively to further secure its information systems, which includes adding enhanced security features and monitoring procedures to further protect its client data," the filing states. "While Charles River has taken substantial steps to minimize unauthorized access into its information systems, until its ongoing remediation process is complete, the company will be unable to determine that this incident has been entirely remediated."

Growing Concern

Cyberattacks, as well as incidents involving malicious insiders, that are suspected to be motivated by IP theft and other corporate espionage is a growing concern in the healthcare sector.

"A number of bad actors both physically present as well as remote are trying to get into our data repositories, take the intellectual property, trying to find what kind of progress we're making for curing cancer and take that back to their home countries."
—Aaron Miro, UT Health Austin

For example, in a recent interview, Aaron Miri, CIO for the University of Texas at Austin, Dell Medical School and UT Health Austin, told ISMG that foreign espionage is a top threat to the healthcare sector, citing a recent incident at an affiliated organization - the University of Texas MD Anderson Cancer Center.

That academic medical research institution recently ousted three senior researchers after the National Institutes of Health informed it that the scientists had committed potentially "serious" violations of agency rules involving confidentiality of peer review and the disclosure of foreign ties, according to report in Science Magazine.

The news site also reported in March that the NIH recently sent letters to dozens of other major U.S. research universities asking them to provide information about specific faculty members with NIH funding who are believed to have links to foreign governments that the Bethesda, Maryland-based institute did not know about.

"Recently one of my sister organizations expelled three foreign scientists due to the [allegation] they were trying to steal intellectual property," Miri says. "While working with the FBI, the university decided to expel those folks.

"From the academic medical center perspective, we are finding that there are a number of bad actors both physically present as well as remote that are trying to get into our data repositories, take the intellectual property, trying to find what kind of progress we're making for curing cancer and take that back to their home countries."

Healthcare Sector Worries

For the healthcare sector, threats involving IP theft are a growing concern, says technology attorney Steven Teppler of the law firm Mandelbaum Salsburg P.C.

"From connected medical devices to AI and remote diagnostics, we're seeing an integration of IP along the entire healthcare spectrum," he says.

Theft of IP in the healthcare arena raises two significant concerns, Teppler says.

"The first is the financial repercussions from having a competitor steal your IP, particularly if the organization is in startup or early stage. A well-resourced nation-state or other organized crime group could easily accelerate a competing product or service, eclipsing a company's growth or continuing existence."

A second, and perhaps more important issue, is that the theft of IP, particularly if not immediately discovered, could result in the thief using the IP to compromise the operation of the product or service, he adds.

"Where there are many medical device or service endpoints, IP theft could result in personal injury on a widespread basis," Teppler says.

Top Targets

The 2018 Verizon Data Breach report found manufacturing-related companies are among the most targeted for IP theft.

In manufacturing, about 47 percent of breaches in 2017 involved the theft of intellectual property to gain competitive advantage, according to the report.

The report also notes that in 2017, about 12 percent of cyberattacks across all industries involved nation-state or state-affiliated actors.

Teppler offers one final tip: "Don't be shy about resourcing the development and revision of policies and processes on an ongoing basis to address IP protection."


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.