Liam Rogers on the Importance of Digital Services in Safeguarding Cyber Networks

A job title can tell you a lot about what a person does. Consider Liam Rogers’ title: Senior Global Manager, IT Strategy and Planning, NSF Health Sciences. It does reveal a great deal, but maybe not the whole story.

“My job is to look for IT growth opportunities and develop digital services that combine the best of NSF resources internally with our external partners,” Rogers says. “Health Sciences includes five groups: Medical Devices, Training, Pharmaceutical Consulting, Health Science Certification and Clinical Research. Which means that my daily tasks can vary depending on the specific opportunity at hand.”

For Rogers, the priority is developing digital services and ensuring that Health Sciences networks run efficiently and securely. With those vital duties covered, he then makes sure that communications with the division’s pharmaceutical, medical device and diagnostic clients are also executed in the same way. This is the new reality for IT professionals: They are responsible for overseeing and safeguarding both internal workflows and external client communications.

NSF’s Health Sciences division provides consulting, auditing and certification services to pharmaceutical, medical device and in vitro diagnostic companies in the United States and countries around the world. These include customized, end-to-end services across the life cycle of a company’s products. The goal is to work with clients to ensure regulatory compliance, quality management systems, and maximum product quality and safety. Just imagine the challenges and the complexity involved.

Pharmaceutical consulting is an important part of the work that NSF’s Health Sciences teams do — and that Rogers and his team support in terms of network operations and security, which is even more critical given the increase in cyberattacks in the pharmaceutical sector in recent years. A good number of these hacks have targeted vaccine makers — not surprising considering the urgent need for effective vaccines in the wake of the devastating worldwide COVID-19 pandemic and its aftermath.

In December 2020, the European Medicines Agency (EMA) announced that it had been the target of a cyberattack. During the breach, a slew of documents related to the BioNTech, Pfizer vaccine was illegally accessed, according to authorities. The cybercriminals, whose identities have remained a secret, accessed highly confidential documents, emails, presentations and EMA peer review comments that had been filed with the agency.

Around the same time, North Korean hackers used a spear-phishing campaign to target pharmaceutical giant AstraZeneca. Posing as job recruiters on LinkedIn and WhatsApp, the hackers approached staff, including those working on the COVID-19 vaccine, with job offers that turned out to be fake. The intent was to gain access to AstraZeneca computers and internal data. According to The Wall Street Journal, Johnson & Johnson and Novavax were also targeted.

In a recent report on ransomware trends impacting the industry, the cybersecurity firm Black Kite noted that pharmaceutical companies’ cyberattack risk averages $31.1 million per year. The report cited medium-sized pharmaceutical companies as having the highest susceptibility to ransomware and concluded that data management vendors pose the most significant financial risk ($6.2 million) annually to pharmaceutical manufacturers.

For Rogers and his IT team, recent cyberattacks on pharmaceutical companies have only underscored what they already knew from experience: that the network infrastructure they have been entrusted with requires constant, round-the-clock monitoring both internally, within NSF operations, and externally, with client interactions. This is simply a fact of life given how companies use the digital supply chain and the pharmaceutical consulting work that health sciences staff perform for clients.

“Understanding security and compliance needs within the industry allows us to apply and adopt solutions that meet regulatory requirements,” Rogers says. “This keeps sensitive data in the right place, with the right encryption level and protected behind the right systems.”

Spoken like an IT pro comfortable with a role that requires deep knowledge and expertise applied across countries and continents — and who is fine with a long job title that may only tell part of the story.