LOS ALTOS, Calif., Jan. 26, 2022 /PRNewswire/ — Today, Constella Intelligence (“Constella”), a leader in Digital Risk Protection and Identity Threat Intelligence, released their Pharma Sector Exposures Report: 2018-2021 Digital Risk Findings and Trends. This report builds on insights from Constella’s 2021 Identity Breach Report, and includes new and additional findings pertaining to exposures, breaches, and leakages within the Pharmaceutical (Pharma) sector, specifically focusing on employees and executives from the top twenty Pharma companies on the Fortune Global 500 list.

This industry-specific report examines data from January 2018 through September 2021. By analyzing identity records from data breaches and leakages found in open sources and on the surface, deep, and dark web, Constella’s threat intelligence team identified 9,030 breaches/leakages and 4,549,871 exposed records—including attributes like email addresses, passwords, phone numbers, addresses, and even credit card and banking information—related to employee corporate credentials from the companies analyzed. The proliferation and circulation of this sensitive employee data endows threat actors with the necessary resources to execute a wide range of cyberattacks, including impersonation, phishing, account takeover and several others that can lead to more sophisticated attacks such as ransomware or coordinated disinformation campaigns.

Report Finds Widespread Cyber Vulnerabilities for Pharma Companies & Executives on Fortune Global 500 ListPost this

“The Pharma sector’s role within the healthcare ecosystem, especially with today’s public health needs, only emphasizes how critically important it is that these companies protect themselves from cyber threat actors,” said Constella Intelligence CEO, Kailash Ambwani. “As we have seen before, only one exposed employee credential can lead to a company having their systems or supply chain shut down by a data breach leading to a ransomware attack, resulting in a shortage of life-saving supplies.”

Pharma companies are high-value targets for threat actors because of their intellectual property and proprietary information as well as their vital role in developing life-saving treatments. The transition towards remote workforces, driven by the pandemic, amid accelerating operational digitization has increased the overall digital footprint of companies in this sector, leading to greater digital vulnerabilities and risk.

This report uncovers the widespread prevalence of breaches and exposures related to the corporate credentials of employees and executives in the Pharma sector, detailing the serious risks emerging from exposed sensitive data that negatively impact customers, employees, executives, brands, public health, and the healthcare system.

Key Findings:

• Constella identified over 4.5M exposed records from nearly 10K breaches and leakages exposing the corporate credentials of employees from the top twenty Global Fortune 500 Pharma companies between 2018 and 2021.
• Nearly two-thirds of breaches and leakages in the Pharma sector since 2018 include personally identifiable information (PII), with the most common attributes being email, password, name, username, phone number, address, date of birth, and credit card information.
• A sample of 78 executives (C-suite profiles) from top Pharma companies found that 58% of executives have had their corporate credentials exposed in a third-party breach or leakage since 2018.
• Approximately 59% of total breaches and 76% of total exposed records identified in the report occurred since 2020, signaling both are escalating in the Pharma sector at an alarming rate.   

Constella continuously monitors social media and the surface, deep, and dark web for exposed corporate credentials and other PII with automatic alerts once a threat is detected to protect employees, executives, and companies from a targeted attack.

Download Pharma Sector Exposures Report here.

Press Release