Pharma leaders collaborate on supply-chain security framework

Although the pharmaceutical industry was vulnerable to ransomware attacks and intellectual property theft before the pandemic, drug manufacturers have moved higher on the list of potential cyber-crime targets. Headline-grabbing COVID vaccines and treatments, as well as lucrative biologics and perennial brand-name drugs, have called attention to pharma companies’ financial reserves and valuable trade secrets.

There is no doubt that the pharmaceutical industry has entered a new era of mutual concern.  We believe that it is critical to increase cross-institutional collaboration not only on treatments and vaccines for COVID-19 and future global health crises, but also on ensuring that third-party suppliers and partners maximize their cybersecurity postures. In other words, toppling silos will only make the industry stronger. 

In this spirit of cross-institutional collaboration, KPMG assembled a team of CISOs and subject matter experts from Johnson & Johnson (J&J), Pfizer, Cardinal Health, McKesson, Abbott, and Eli Lilly to create a proprietary security framework for the pharmaceutical supply chain.  Spearheaded by KPMG cybersecurity leaders, together with industry membership organization Health-ISAC and J&J, the framework centers on a CISO guide to working with the business to address top security risks, including insights from pharma CISOs on the top six security threats and how to address them (“Securing the modern pharmaceutical supply chain”).

The hope is that this framework will be a work in progress and that other members of the Health-ISAC community—and the pharmaceutical industry at large—will weigh in as the pharmaceutical ecosystem evolves.