Warnings that cyberattackers backed by the Chinese and Russian governments are targeting COVID-19 vaccine research drive home the need for companies to think beyond their regulatory obligations to protect personal information and to ensure that their intellectual property is shielded from evolving cyber threats.

In a joint July 16 alert, government officials from the U.S., U.K. and Canada put companies on notice that a Russia-linked group known as Cozy Bear has carried out a series of attempted online attacks on organizations working to research and develop a vaccine for the coronavirus that causes COVID-19. The advisory came on the heels of a similar warning issued by U.S. officials in May that malicious users backed by the Chinese government are aiming to steal American research on vaccines and treatments for the virus.

The threats highlight the evolving, aggressive methods of nation-state-backed cyberattacks, but also the risks of holding sensitive information that is enticing to bad actors for its competitive value rather than for the more common motivations of making money or wreaking havoc.

Additionally, while the health care industry was an enticing target for cyberattacks before the pandemic, they have spiked since COVID-19 emerged.

MMM's Ashley Thomas was called for comment and states, "The security challenges are heightened by the fact that many health care entities now have large remote workforces, which can expose security vulnerabilities and lead to cyberattacks. Implementing effective cybersecurity policies and incident response procedures was a necessity before the pandemic, and it is critical now to adopt these measures."

While the defendants are unlikely to ever face these charges in U.S. court because they live in China, which does not extradite its citizens, the move to name and shame them signals that the U.S. government is taking these threats seriously.

Read the full article here. Law360 subscription required.