
Cyber attacks: The new headache for drug regulators reviewing Covid-19 vaccines

Germany’s BioNTech has said the hackers who breached EU drug regulator European Medicines Agency had accessed documents relating to the regulatory submission for the Pfizer-BioNTech Covid-19 vaccine candidate. In the recent past, companies such as Moderna, AstraZeneca, Pfizer and government laboratories in Spain, all developing Covid-19 vaccines, have complained of cyber attacks allegedly originating from China and Russia. North Korea is also believed to be behind some hacking attempts.

Dec 11, 2020 / 03:18 PM IST
Three pharma companies have applied for emergency use authorisation of their COVID-19 vaccines in India



EU drug regulator European Medicines Agency, which is reviewing the emergency-use applications filed by Pfizer-BioNTech and Moderna for their respective Covid-19 vaccines, has been hit by a cyberattack.

The Amsterdam-based regulatory agency said it has swiftly launched a full investigation, in close cooperation with law enforcement and other relevant entities. The EMA, however, didn’t indicate who was behind the attack or what was the motive behind the breach of its systems.

BioNTech said in a statement on December 9 that hackers had breached EMA servers and accessed some documents relating to the regulatory submission for Pfizer-BioNTech’s Covid-19 vaccine candidate. The company said it was unaware if any study participants had been identified through the data being accessed.

“At this time, we await further information about EMA’s investigation and will respond appropriately and in accordance with EU law. EMA has assured us that the cyber attack will have no impact on the timeline for its review,” BioNTech said.

Regulators stunned

The cyberattack on EMA has sent shockwaves across various countries’ drug regulators, some of whom have recently begun reviewing Covid-19 vaccines, while others are due to take up reviews in the days ahead.


Drug regulators deal with confidential data related to the vaccine research, clinical trials, manufacturing and supply chain. This data, if stolen, can be used in myriad ways to gain knowhow, sabotage competition, disrupt supply chains, or be traded in exchange for a financial benefit.

“With the Covid-19 pandemic, lots of employees are working from home. This makes it much easier for hackers to breach information systems,” said Huzefa Motiwala, Senior Director – Systems Engineering, Commvault, Asia Pacific region.

Motiwala advises people responsible for information architecture to review their systems and invest in technology that offers security and data backups.

In the past, while developing Covid-19 vaccines, companies such as Moderna, AstraZeneca, Pfizer and government laboratories in Spain have complained of cyber attacks allegedly originating from China and Russia.

Both countries have denied that such attacks have taken place from their soil.

Dr Reddy’s, which is developing Russia’s Sputnik V vaccine, was also under cyber attack.

McAfee, the US-based computer security software company that tracks cyber attacks, said it saw a 605 percent increase in Covid-focussed threats detected in the second quarter of 2020. Attacks involving science and technology labs and firms rose 91 percent over the previous quarter.

State-sponsored cyber attacks

Analysts say some of these hackers are state-sponsored. In his blog, Tom Burt, Corporate Vice President, Customer Security and Trust, Microsoft, says that in recent months, cyberattacks from three nation-state hacker groups targeting seven prominent companies directly involved in Covid-19 vaccine research and treatment have been detected.

Burt says pharmaceutical companies and vaccine researchers in India, along with those in Canada, France, South Korea and the US are major targets of the hackers. He alleged that the attacks came from Strontium, a hacker group originating in Russia, and two groups originating from North Korea called Zinc and Cerium.

“Among the targets, the majority are vaccine makers that have Covid-19 vaccines in various stages of clinical trials. One is a clinical research organization involved in trials, and one has developed a Covid-19 test. Multiple organizations targeted have contracts with or investments from government agencies from various democratic countries for Covid-19 related work,” Burt said.

The Microsoft executive explains that Strontium uses password spray and brute force login attempts to steal login credentials. Zinc and Cerium attackers use phishing methods such as sending messages with fabricated job descriptions or using Covid-19 themes while masquerading as World Health Organization (WHO) representatives.

Vaccine supply chains vulnerable

Analysts have also warned of hackers breaking into vaccine supply chains and logistics systems and playing havoc.

In April, the WHO said that since the Covid-19 pandemic, it has seen a dramatic increase in the number of cyber attacks directed at its staff, as well as email scams targeting the public at large.

The WHO said it is working with the private sector to establish more robust internal systems and strengthening security measures while educating staff on cybersecurity risks.

The world health body has asked the public to remain vigilant against fraudulent emails and recommends the use of reliable sources to obtain factual information about Covid-19 and other health issues.
Viswanath Pilla is a business journalist with 14 years of reporting experience. Based in Mumbai, Pilla covers pharma, healthcare and infrastructure sectors for Moneycontrol.
first published: Dec 11, 2020 02:43 pm