A lab studying COVID-19 at the University of Oxford has been targeted by a cyberattack with at least some access gained to internal systems.

First reported Feb. 25 by Forbes, the attack on Oxford’s Division of Structural Biology is believed to have occurred around the middle of February. Officially Oxford University is describing it as an isolated incident, although Forbes noted that the hackers has been showing off access to a number of systems, including machines used to prepare biochemical samples.

“We have identified and contained the problem and are now investigating further,” an Oxford University spokesperson said. “There has been no impact on any clinical research, as this is not conducted in the affected area. As is standard with such incidents, we have notified the National Cyber Security Center and are working with them.”

Oxford, along with British-Swedish multinational pharmaceutical company AstraZeneca plc jointly offers the Oxford/AstraZeneca COVID-19 vaccine that is being actively used or is in the process of being rolled out to 136 countries.

This isn’t the first time a company or organization studying and producing COVID-19 vaccines has been targeted and/or data stolen. Data on the Pfizer-BioNTech COVID-19 vaccine stolen in December was subsequently published online by those behind the hack in January.

Hackers also leaked data stolen from a medical research company studying COVID-19 in March, while it was disclosed in November that North Korean hackers were targeting staff at AstraZeneca. And the U.S. Department of Treasury Financial Crimes Enforcement Network warned Dec. 29 that hackers were targeting vaccines and distribution with fraud, ransomware and other types of criminal activity.

“Criminals will go wherever they see value,” Jonathan Knudsen, senior security strategist at electronic design automation company Synopsys Inc.’s Software Integrity Group, told SiliconANGLE. “Right now, information about COVID vaccines is highly valuable, especially to nation-states hoping for strategic advantage. And what’s the easiest way to steal information? In many cases, it’s probably a software-based attack.”

Knudsen noted that scientists might not put cybersecurity front and center in their daily work, but it’s as important for them as it is for any other type of organization.

“The same fundamentals apply for any organization: identify assets, figure out what can go wrong and apply protection,” he said. “Basic cybersecurity training is essential for lab workers, just as basic safety training is essential for factory or warehouse workers. Recognizing the value of data and computing resources will put protection efforts into the proper perspective.”

Photo: Tejvan Pettinger/Flickr