No supply chain is immune from cyberattacks.  This includes, unfortunately, in regards to the COVID-19 vaccine.

Yesterday the US Homeland Security Department issued a warning that a series of cyberattacks is underway aimed at the companies and government organizations that will be distributing coronavirus vaccines around the world.  Specifically, the attacks target the COVID-19 cold chain (an integral part of delivering and storing a vaccine at safe temperatures).

The warning cautions that “[i]mpersonating a biomedical company, cyber actors are sending phishing and spearphishing emails to executives and global organizations involved in vaccine storage and transport to harvest account credentials.  The emails have been posed as requests for quotations for participation in a vaccine program.”  It is unclear at this time whether these attacks are for purposes of stealing the technology for keeping the vaccines refrigerated in transit or for sabotaging distribution of the vaccine.

Josh Corman, the chief strategist for healthcare at the US Cybersecurity and Infrastructure Security Agency (“CISA”) commented that this underscored the need for all “all organizations involved in vaccine storage and transport to harden attack surfaces, particularly in cold storage operation, and remain vigilant against all activity in this space.”

Although this warning was specific to the COVID cold supply chain, all organizations should take note as the core strategies utilized by cybercriminals cut across industries.  As CPW’s Elliot Golding and Kristin Bryan have previously commented “[t]echnical cybersecurity safeguards, such as patching, are obviously critical to an effective cybersecurity program.  However, many of the most common vulnerabilities can be addressed without complex technical solutions.”  You can read their top five list of practical recommendations to reduce cyber risk here.