Marene Allison, the Chief Information Security Officer at Johnson & Johnson, one of the companies involved in the research and development of avaccine, said this week that healthcare organizations like her employer are seeing cyber-attacks from nation-state threat actors “every single minute of every single day.”
Allison’s comments come after on Wednesday, the Wall Street Journal reported that Johnson & Johnson was one of six COVID-19 research companies that have been targeted by North Korean hackers seeking vaccine information.
“Healthcare companies literally have seen an onslaught [of cyberattacks] since March 2010,” Allison said on Thursday in an online panel at the Aspen Cyber Summit.
“That is the day that the Chinese actually started a hard knock of most of the healthcare in the United States.”
“Meredith and I, and in all CISOs and healthcare [organizations], are seeing attempted penetrations by nation-state actors, not just North Korea, every single minute of every single day,” Allison said, referring to Meredith Harper, CISO at Eli Lilly, another pharmaceutical company involved in the COVID-19 response, also present on the online panel.
The Johnson and Johnson CEO said that “with the vaccine in development,” her company is now “on a grander stage.”
Allison also said that her company doesn’t “have the resources to know where [an attack] came from,” or what attackers are actually going after, but instead has been working and relying on H-ISAC and CISA to identify and classify cyber-attacks.
All in all, Allison said Johnson & Johnson saw a 30% uptick in cyber-attacks targeting the company, but that they couldn’t tell how much was COVID-19-related.
“There’s only going to be so many people who could get information and turn it into a vaccine,” she said. “Then we’re going to have the
group of people who just decide that ‘well I don’t want the world to have a vaccine’.
“For us, inside, it’s really not much of a difference,” Allison said.