Blogging from BIO 2018: Does the Life Science Industry “Get” Cyber Security?

Foley Hoag LLP - Security, Privacy and the Law

I am attending BIO 2018 in Boston, just steps from our Boston office. Naturally, I was drawn to yesterday’s session on “Life Sciences Cyber Exposures and Risk Mitigation Considerations.” But I came away disappointed. First of all, the session was held in a small room and even then, it was only one-third full (maybe 30 people of the 16,000 attending BIO 2018 chose to attend).

The session revolved around a recent breach reported by Sangamo Therapeutics. According to the company’s recent 8-K:

  • “On April 17, 2018, Sangamo Therapeutics, Inc. (the “Company”) announced a data security incident involving the compromise of a senior executive’s Company email account. Upon learning of the incident on March 28, 2018, external network security experts were promptly engaged, and the incident response team worked diligently to investigate the incident. The Company also promptly notified federal law enforcement of the incident. The investigation concluded that the incident was limited to the compromise of the senior executive’s Company email account for approximately 11 weeks. The investigation did not reveal any evidence that the Company’s network or other information technology systems were otherwise compromised in connection with the incident or that the incident resulted in the disclosure of or access to personal information about patients or other individuals besides the holder of the Company email account that was affected. However, proprietary, confidential and other sensitive information of the Company and other entities was accessed and may have been compromised as a result of the incident. The Company is continuing to analyze the effects of the incident, along with appropriate remediation of the Company’s information technology systems, and that analysis and the related remediation efforts could ultimately reveal that other Company information technology systems were compromised and/or that additional information was revealed or compromised.”

The breach was the result of a phishing incident, and Sangamo’s in-house counsel reported spending over $500,000 in attorneys’ fees and forensic consultants as part of its response. Interestingly, it appears Sangamo did not have an incident response plan in place prior to this, surprising for a company with a market cap of $1.675 billion. That comes on the heels of the ransomware attack that cost Merck more than $300 million in Q3 2017 alone. So I left the session with the sense that biotech companies still aren’t taking cyber as seriously as they should.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Foley Hoag LLP - Security, Privacy and the Law
