Scientific Gold: The Global Attack on Life Sciences Data

For 11 consecutive years, the healthcare and Life Sciences industries have topped list of data breach costs. In 2021, data breach costs for Life Sciences were $5.04 million. In the past we’ve covered the various industries affected by cybercrime and the rising costs of those crimes. We’ve covered attacks in the legal sector, hospitals and credit unions. But what makes the biotech industry’s recent spat of data breaches remarkable is its scope—a scope that is global in nature and expanding exponentially due to the advent of COVID-19. Biotech companies have something very valuable to cybercriminals—personal data and intellectual property.

What Could Happen

Enzo Life Sciences – In April 2023, the Life Sciences company reported a data breach that compromised clinical test information of nearly 2.5 million patients. According to Enzo Biochem, the hacked data also included the names, test information and social security numbers of approximately 600,000 individuals. Enzo Biochem eventually agrred to pay $7.5 million to settle a class action suit related to the data breach.

Inotiv, Inc. – In August 2025, the nonclinical and drug discovery and development company reported that the infamous Qilin ransomware group breached their systems making off with 176 gigabytes of sensitive data. According to bleepingcomputer.com, Qilin says it gained access to “a complete report on the development and testing of dozens of drugs. The publication of this archive threatens the company with contract terminations and fines exceeding several hundred million dollars.”

Cencora – In February 2024, the global pharmaceutical solutions company reported a data breach that compromised 1.43 million individuals. The hackers in this case made off with a litany of personal data that includes personal and protected health information: names, addresses, dates of birth, Social Security Numbers, health and insurance information, financial information, transactional information, consumer profile information, racial/ethnic identity, political opinions, sexual orientation/identity, criminal history, IP addresses, other electronic identifiers, biometric information, genetic information, trade union membership information, and driver’s license and passport information. The company eventually agreed to pay a settlement of $40 million dollars.

Why is this unique

What makes the biotech industry cybercrimes unique is the vast number of things cybercriminals target for attacks. Life Sciences companies often hold valuable intellectual property that is not only of interest to domestic cybercriminals but to state-sponsored cyber organizations. The scope for cybercrimes in this industry are truly global.

How to Protect

Companies like WarCollar Services can help protect your business against the ever evolving cybersecurity landscape. WarCollar Industries LLC offers Cybersecurity services from an innovative team of cybersecurity experts. We offer services for large, middle, and/or small businesses.

For Commercial Businesses

Commercial Penetration Testing: Penetration Testing (Pen Testing) uses real-world tactics, techniques, and procedures to create cyber-attack simulation to test the effectiveness of your IT security defenses, policies, and staff. WarCollar will assess your Information Security defenses by combining multiple testing strategies into a comprehensive offensive engagement, with the sole objective of gaining access to critical assets.

For Medium to Small Businesses

Pen Testing: Pen Testing uses real-world tactics, techniques, and procedures to create cyber-attack simulation to test the effectiveness of your IT security defenses, policies, and staff. WarCollar will assess your Information Security defenses by combining multiple testing strategies into a comprehensive offensive engagement, with the sole objective of gaining access to critical assets.

Compromise Assessments: WarCollar takes a proactive approach to cybersecurity that aims to identify, understand, and mitigate threats to organizations, individuals, and governments. Our skilled team provides high-level investigations using advanced tools to identify ongoing or past attacker activity in addition to identifying existing weaknesses in controls and practices. Our assessment will help reduce the security risk of attackers stealing financial assets, customer data or intellectual property.

Let’s Get Started!

Sources:

• https://www.hipaajournal.com/clinical-test-data-of-2-5-million-individuals-stolen-in-enzo-biochem-ransomware-attack/

• https://www.hipaajournal.com/security-breaches-in-healthcare/

• https://www.sec.gov/Archives/edgar/data/720154/000162828025040658/notv-20250808.htm#:~:text=On%20August%208%2C%202025%2C%20Inotiv,reducing%20disruption%20to%20its%20business.

• https://industrialcyber.co/pharma/inotiv-cyberattack-disrupts-operations-after-systems-encrypted-in-ransomware-style-breach/

• https://www.cencora.com/caredx-notice

• https://www.hipaajournal.com/cencora-cyberattack-data-breach/

• https://www.fiercebiotech.com/medtech/guardant-health-discloses-cyberattack-alongside-planned-ipo

• https://straussborrelli.com/2024/02/09/krystal-biotech-data-breach-investigation/

• https://www.mass.gov/doc/assigned-data-breach-number-2024-241-krystal-biotech-inc/download

• https://beyondmachines.net/event_details/krystal-biotech-reports-data-breach-exposing-customer-information-t-j-s-2-8

• https://asimily.com/blog/average-cost-of-a-life-science-data-breach-is-5m/

• https://isg-one.com/industries/life-sciences/articles/cybersecurity-in-life-sciences-in-the-time-of-war-and-pandemic-5-ways-to-mitigate-risk

• https://www.cyberhaven.com/guides/insider-threat-vs-insider-risk#:~:text=An%20insider%20risk%20is%20when%20a%20trusted,sharing%20a%20file%20with%20the%20wrong%20person