I&M Bank House, 5th Floor, 2nd Ngong Avenue, Upper Hill, Nairobi, Kenya

Our Clients in Pharmaceutical Industry

Data protection in the pharmaceutical Industry

Data protection in the pharmaceutical industry is crucial, as it involves sensitive information such as patient data and confidential drug development information. One example of a data protection case study in the pharmaceutical industry is the 2017 hacking incident at Merck, a major pharmaceutical company.

  • We undertook a data protection audit and issued a report.
  • We ensured the registration of the group of companies as data controllers/processors
  • We conducted several protection training and audit undertaken at the clients’ premises.
  • We advised and implemented Cyber Security control measures

In June 2017, Merck, one of the world’s largest pharmaceutical companies, fell victim to a cyber attack that affected its computer network worldwide, disrupting operations and causing the company to shut down its manufacturing facilities. The attack was later determined to be a ransomware attack, which is a type of malware that encrypts a victim’s files and demands payment in exchange for the decryption key.

The attack affected Merck’s ability to produce and distribute drugs and vaccines, and the company had to rely on backup systems to continue operations. Merck reported that the attack did not compromise any personal data of patients or customers, but it did result in the loss of research data.

The incident highlights the importance of data protection and cybersecurity in the pharmaceutical industry, as well as the need for companies to have robust backup systems in place to prevent disruptions to operations. Additionally, it is also important for companies to have incident response plan in place and to train employees on how to identify and respond to potential cyber attacks.

Pharmaceutical industry needs to adhere to regulations and compliance standards such as HIPAA (Health Insurance Portability and Accountability Act), FDA (Food and Drug Administration) and GDPR (General Data Protection Regulation) which are designed to protect patient data and confidential drug development information.