Stolen COVID Data Were Altered Before They Were Leaked
The hackers who stole COVID-19-related data from the European Medicines Agency (EMA) altered it before posting it on the dark web. The data pertain to the BNT162b2 vaccine, which was jointly developed by Pfizer and BioNTech. According EMA's most recent update on the cyberattack, "some of the correspondence has been manipulated by the perpetrators prior to publication in a way which could undermine trust in vaccines." Amsterdam-based EMA evaluates applications for medicines to be marketed in the European Union.
The integrity of data has always been the most overlooked element of the Confidentiality Integrity Availability triad, but there have been many attacks over the years (most aimed at stock price manipulation) that modified critical data. At a Cybersecurity Moonshot Initiative stakeholders' workshop back in 2019, we highlighted fighting "deep fakes" and disinformation as top of the priority list - more focus on hardening the information is needed.
Think digital signatures, hashes (TripWire), and blockchain.
William Hugh Murray
Beyond encrypting data at rest and in transit, data integrity, particularly for official records, needs to be verifiable to detect tampering. Consider digitally signing official correspondence and records. Just as you check the digital signatures for software updates, the same capabilities need to exist for official formation.