2 min read

International vaccine "cold chain" subject of cyber espionage

Rikin Shah December 9, 2020

Healthcare cybersecurity news
Illustration of a refrigerated truck with thermometer, snowflake, and sun icons representing cold chain logistics

As a partner in the distribution of the COVID-19 vaccine, IBM uncovered a cyber espionage campaign directly aimed at the “cold chain” process that keeps mRNA-based SAR-CoV-2 vaccines at the right temperature during delivery.  While the identification of the hackers is still unknown, the fact that they are targeting vaccine distribution indicates that they may be a nation-state instead of your run-of-the-mill cybercriminal looking to make a quick buck.  The methods nation-states use when hacking typically come in the form of an Advanced Persistent Threat (APT) that can remain in a system for months without discovery as the hacking team gathers more and more intel about the subject it is spying on.  Foreign threat actors have targeted numerous countries that are active participants in vaccine research and development. 

 

How it happened

Cold Chain Equipment Optimisation Platform of Gavi (CCEOP) is an organization that spans six nations and is partnered with large corporations including the World Health Organization, Unicef, World Bank, and the Bill and Melinda Gates Foundation. These companies contract out to smaller firms to physically distribute vaccines.  Hackers impersonated a Chinese CCEOP executive and sent phishing emails to partner companies involved in the trucking and transportation portion of the cold chain process, another aspect of the hack that has clued cyber espionage trackers as to the nation-state nature of the attacks.  Understanding the infrastructure a government uses for vaccine distribution is high-value intelligence that can have a nationwide impact on all aspects of life. How vaccines are purchased and their movement varies by country, and stolen intelligence can help other countries that might be facing similar issues.  Companies like solar panel manufacturers that keep the vaccine cold, software developers, and website development companies that support pharmaceutical clients and biotechnology manufacturers have all been targeted, likely by Russian, Chinese, Iranian, and/or North Korean threat actors. 

 

Staying on high alert

The CISA (Cybersecurity and Infrastructure Security Agency) has issued an alert that storage companies should be on guard for potential hacking from foreign adversaries due to the high stakes and the national importance that vaccine distribution has on citizens and business interests.  At the moment, experts believe foreign adversaries are more focused on intelligence gathering than research disruption in companies in both the UK and the United States. 

 

What you can do

If you are a company involved in the distribution of the COVID-19 vaccine, you will obviously want to take CISA’s advice on how to protect yourself.  Additionally, companies can take matters into their own hands by partnering with a team that has years of experience in matters like this and is uniquely prepared to meet the challenges of APTs and foreign threat actors. 

 

How Paubox can help

Paubox is committed to providing safe and secure email solutions for healthcare and research organizations that are involved in high stakes communications. The importance of secure communications is paramount because having resources hacked can unravel months of intensive work. Paubox Email Suite Plus has trust and compliance baked in with our  HITRUST CSF certification , the gold standard in HIPAA security frameworks.  In addition to multi-factor authentication that ensures only verified users are getting access to your account, Paubox Email Suite also makes use of zero-step encryption that automatically encrypts all emails, including ones that include sensitive information like patient data, a critical aspect of HIPAA compliant email Additionally, had some of the vaccine distribution victims partnered with Paubox, they could have potentially avoided the “Chinese executive '' phishing scam through our ExecProtect feature that identifies and quarantines (pun intended) display name spoofing emails.  The development, manufacturing, and distribution of vaccines for the pandemic has been one of the most ambitious undertakings of the 21st century. It only makes sense that there would be malicious actors that want to take advantage of any potential vulnerability. Make sure your email communications are safe and secure by partnering with Paubox. 
 
Try Paubox Email Suite Plus for FREE today.
Start for free
Secure every email you send and receive HIPAA compliant. Threat-proof. Hassle-free.
Circular cybersecurity badge with globe and repeating text reading Cyber Security

Phishing ploy targets COVID-19 vaccine distribution

Sara Nguyen : January 29, 2021

IBM security researchers have discovered an email phishing campaign targeted at companies involved with the cold chain distribution of the COVID-19...

Email security Healthcare cybersecurity news
Read More
Cybersecurity threats illustrated with warning envelope, locked padlock, skull shield, binary code, and database icons

UH Cancer Center confirms patient data stolen in ransomware attack

Picture of Farah Amod Farah Amod : January 26, 2026

The center disclosed that research files containing sensitive patient information were taken during an August 2025 intrusion.

Healthcare cybersecurity news
Read More
Image of a practicioner on a computer.

What is a cyber-physical attack?

Picture of Tshedimoso Makhene Tshedimoso Makhene : April 15, 2026

A cyber-physical attack is a type of security attack that targets systems where digital (cyber) components control physical processes. These systems...

Healthcare cybersecurity news
Read More

Subscribe to Paubox Weekly

Every Friday we bring you the most important news from Paubox. Our aim is to make you smarter, faster.