HQ/EMEAFind out how we can help your business
Pharmaceutical giant Alkem Laboratories confirmed on Friday, January 12, a significant cybersecurity incident that resulted in a fraudulent transfer of Rs 52 crore ($6.2M) from one of its subsidiaries. While the company assured that the impact was minimal and confined to a specific incident, the breach raises critical concerns about cybersecurity vulnerabilities within India’s pharmaceutical sector.
The breach was attributed to compromised business email IDs of some employees at the subsidiary, although the exact nature of the security breach was not disclosed. Alkem Laboratories, despite the stolen amount falling below mandatory reporting thresholds, opted for transparency and promptly reported the incident to stock exchanges.
Alkem Laboratories sought external support to maintain trust in its leadership.
Alkem appointed an external agency and filed complaints with the relevant authorities. The company emphasised that the fraudulent activity was not linked to any internal misconduct by promoters, directors, or employees. This reassurance aimed to maintain confidence in the integrity of the company’s leadership.
In an effort to bolster its cybersecurity posture, Alkem Laboratories had previously partnered with a cybersecurity company in November 2023. The collaboration intended to protect the company’s 23 manufacturing facilities located across India and the US. The recent breach prompted an extension of this fortified security infrastructure to cover all Alkem Labs subsidiaries globally, focusing particularly on networks and emails.
In a joint statement of Alkem Labs and its cybersecurity partner, they acknowledged the cyber breach involving fraudulent email IDs. They revealed that the affected foreign subsidiary was operating independently outside the corporate systems and was not leveraging the cybersecurity company’s solutions at the time.
This incident sheds light on the broader cybersecurity landscape within India’s pharmaceutical sector. With these companies holding invaluable intellectual property and sensitive patient data, they become lucrative targets for cybercriminals. Alkem’s proactive disclosure stands as a warning, underscoring the immediate requirement for robust cybersecurity measures and increased vigilance throughout the industry.
As questions linger about how the attack happened and how much risk there might be for the whole pharmaceutical industry, this incident could lead to more talks and actions to protect India’s pharmaceutical sector from cybercrime. The sector should prioritise cybersecurity to protect not only its financial gains but also the valuable data and patient information in its possession.
