Welcome to our new website! If this is the first time you are logging in on the new site, you will need to reset your password. Please contact us at email@example.com if you need assistance.
Your membership opens the door to free learning resources on demand. Check out the Member Knowledge Center for free webcasts, publications and online courses.
Hear from leaders around the globe as they share insights about their experiences and lessons learned throughout their certification journey.
RAPS recognizes that the current situation in Ukraine impacts our members and customers on many levels. If you are directly impacted by the current situation in the region and are challenged to meet your deadlines or obligations to RAPS, please reach out to firstname.lastname@example.org so that we can defer those challenges. Your health and safety are paramount to us.
Posted 01 December 2014 | By Alexander Gaffney, RAC,
Regulatory professionals, watch out: A group of hackers is targeting pharmaceutical and medical device companies, and eyeing regulatory professionals as a way past corporate firewalls.
The New York Times is reporting that a group of investment-oriented hackers has been targeting more than 100 companies—"the vast majority publicly traded healthcare or pharmaceutical companies"—in a bid to gain a "market edge."
The attacks are remarkable, The Times noted, in that the hackers seem to correspond in perfect English and have a deep understanding of the regulatory language of the healthcare sectors they are targeting.
"Different groups of victims — frequently including top-level executives; legal counsel; regulatory, risk and compliance officers; researchers; and scientists — are sent different emails," Times reporter Nicole Perlroth wrote, citing the research of the security company FireEye, which first uncovered the hacking network now called "Fin4."
The hackers appear to be after as-yet undisclosed regulatory information, including product safety reports, investigation results and audits.
The Times report the hacking group accesses this information by prompting its victims to login to a fake email system "designed to steal the victim's credentials." The group then quietly pores through the user's email account, looking for valuable information.
New York Times report
Tags: Hacking, Hackers, Regulatory Professionals, Email