Cybersecurity Risks and Solutions for Life Sciences Startups

September 01, 2022

By Rahul Mahna

Cybersecurity poses a significant risk to life sciences startups that handle personal identifiable information. In this video, you’ll learn about the risks facing your business and how you can protect your clients and systems.


Rahul Mahna:

By way of background and introduction, my name is Rahul Mahna, and I'm the managing director of the cybersecurity practice at EisnerAmper. What is my job? My job is essentially to protect our clients from the bad guys. In particular, today, I want to talk about life sciences. Life sciences is a very interesting sector that we're seeing a lot of different traffic in. Cybersecurity remains the highest element of risk that many of these organizations face today. Building a cyber resilience program is more important than ever, but it's also important to know who you're trying to protect your systems from.

Right now, the bad guys are coming from all over the world. You see them as hacktivists, hackers with political agendas. You see them as nation state actors with countries that don't seem to like the US and others trying to attack in different methods and means. You see organized crime with gangs and mobs that are trying to do illicit methods and things on the internet.

There's no place it stops or starts for malware and ransomware at this point. Recent statistics provided by WatchGuard Security shows a malware attack happens every two seconds in the US right now. It's pretty amazing what's happening. When you look at who these attackers are trying to target, it's clear that the top four areas that keep coming up are health care, life sciences, financial services, and technology providers. In a recent attack, a hospital was targeted ruthlessly and demanded ransomware just to keep the emergency systems running regardless of the patient needs. Because life sciences is such a highly targeted vertical sector, it contains so much personal information, that hackers focus in on this sector like it carries gold.

One way hackers try to get access to personal information is through the dark web. The dark web is where usernames and passwords are compromised and they can be purchased and rented or sold. What an attacker can do with these compromised credentials is install malware on various systems, they can send spam from these email accounts and they can also deface website properties and host malicious content. They finally can exfiltrate data that they can find and perpetrate it as identity theft.

It's incredibly important for organizations focused in high profile sectors like life sciences to have a very, very strong cyber resilience program in place. Employee training is paramount to protecting an organization. Cybersecurity training, password training, education as an awareness of ransomware are just a few topic areas that are very, very essential. For the overall organization, there should be multiple layers of security and frequent risk assessments and vulnerability scanning performed to ensure these organizations are in proper tip top shape for their cyber program.

In conclusion, cybersecurity isn't just a function within your IT department. It could prevent truly significant operational reputational damage. If you have any questions or concerns, please feel free to start a conversation with us.

About Rahul Mahna

Rahul Mahna is a Partner in the firm and leads the Outsourced IT Services team with over 20 years of experience in IT technologies, software development and cybersecurity services.

More in This Series

Startups: Tax Implications of Hiring Independent Contractors vs. Employees

In this video, you’ll learn about the three worker classification tests, filing requirements, and more in order to make an accurate worker classification/determination and avoid possible tax and legal exposure.

When Do I Need to Get an IRC Sec. 409A Valuation for My Stock Options or Stock Grants?

A 409A valuation is used by private companies to assess the fair market value of their stock. In this video, you’ll learn when a 409A valuation is necessary, the length of time in which it is valid, and which events trigger the need for an update

Capital Raising: What Are My Options—and How Do I Approach Investors?

In this video, you’ll learn about various options for raising capital, tips for creating your potential investor list, and how to approach investors.

What Technology and Life Sciences Companies Need to Know about being Acquired by a SPAC

Becoming a public company through an acquisition by a SPAC is an alternative to the traditional initial public offering (IPO). In this video, you’ll learn some key considerations that a technology or life sciences company should keep in mind before being acquired by a SPAC.

Going Global: How to Report Your Foreign Operations for Tax Purposes

In this video, we’ll examine why reporting on foreign operations for tax purposes is an important matter for technology and life sciences start-ups doing business abroad.

What Tax Considerations Does My IPO Trigger?

Is your company preparing for (or have you recently had) an IPO? In this video, you’ll learn about the impact that an ownership change under IRC Sec. 382 can have on the utilization of net operating loss (NOL) carryovers and other factors that can influence your tax burden.

Medical Device Companies: Consideration for Consignment Inventory and Related Sales Process

Many medical device companies have chosen to deploy a consignment inventory and sales approach for their related products. In this video, you’ll learn about the advantages and disadvantages of this strategy for both the company and third parties, as well as best practices to consider

What Technology and Life Sciences Companies Need to Know About Transfer Pricing—from Start-ups to Large MNEs

In this video, you will learn why transfer pricing is an important focus point for many multinational enterprises in the technology and life science industry.

Capital Raising: Are Financial Instruments Classified as Liabilities or Equity?

In this video, you'll learn about the different accounting ramifications for financial instruments issued to investors by start-ups and why it’s important to properly structure financial instruments upfront for accounting purposes.

Financing for Entrepreneurs: What Are Issuance Costs?

In this video, you’ll learn about “issuance costs” and how to properly account for them based on the type of funding that was raised.

Does My Start-up Need an Advisory Board?

In this video, you'll examine the ways how an advisory board differs from a board of directors; why you might consider forming an advisory board; how you can attract and retain advisory board members; and how you can enhance the effectiveness of the advisory board for your start-up.

What Technology and Life Sciences Companies Need to Know About SOC 1 Reports

Brenda DeSaro explains what a SOC 1 Report is, discusses why companies need to be concerned about these reports even though they likely outsource this work to third-party providers, and outlines a best practices approach.

Entrepreneurship: Behind the Numbers

John Pennett talks about the ingredients for successful entrepreneurship—from early to late-stage enterprises—with “Behind the Numbers” host and senior director at CFGI.