It was announced on December 9 that the European Medicines Agency had suffered a cyber incident. The agency, based in Amsterdam, first disclosed the breach. In a statement, the agency said only that the EMA had been subject to a cyberattack and that it had begun a joint investigation along with law enforcement. There was no mention of when the hack happened or whether the attackers sought vaccine information, tried to infect the network with ransomware, or wanted to pursue some other purpose. An EMA spokesperson said in an email that “the Agency is fully functional, and work continues.”
As a result of this cyber incident, The EU has responded by promising to change its Cyber Security rules. According to AP News, “The EU last year recorded around 450 cyber incidents involving European infrastructure, notably in the financial and energy sectors, and the pandemic has highlighted Europe’s deep dependence on the internet and exposed security weaknesses.” The current cyber security rules date back to 2008 and need an update. The new rules would also allow the EU to impose hefty fines on violators.
The main aim of the strategy is “to ensure a global and open Internet with strong safeguards where there are risks to security and the fundamental rights of people in Europe.” In addition, The new cyber strategy would focus on “protecting essential infrastructure like electricity grids, heating systems, gas and hydrogen plants as well as air, rail, water and road links. Financial market and health infrastructure would also be among the priorities.” The EU would also like to strengthen sanctions related to cyber incidents, and allow sanctions to be imposed by majority vote, rather than unanimously as is the case currently. It is expected the new rules could come into play within 18 months of an agreement by the 27 EU nations.
What do you think about the EU’s response to this breach? Please comment below and let us know your thoughts.