Oxford University has confirmed that one of its biology laboratories that is researching ways to combat the COVID-19 pandemic has fallen victim to a cyberattack. Details about the incident at the Division of Structural Biology (Strubi) were released by Forbes.
“We have identified and contained the problem and are now investigating further. There has been no impact on any clinical research, as this is not conducted in the affected area. As is standard with such incidents, we have notified the National Cyber Security Center and are working with them,” an Oxford University spokesperson was quoted as saying.
The spokesperson gave assurances that the hacked systems didn’t contain any patient data and that patient confidentiality wasn’t breached. The Information Commissioner’s Office, the United Kingdom’s data-privacy watchdog, has also been briefed about the incident.
Although the lab isn’t directly connected to the development of the Oxford University-AstraZeneca vaccine, its scientists are analyzing the behavior of COVID-19 cells and are looking into ways to prevent the cells from causing harm.
Forbes disclosed that it received information about the breach from Hold Security’s chief technology officer Alex Holden, who shared screenshots of hackers’ access to Oxford University’s systems. Apparently, the cybercriminals gained access to lab equipment that could control pumps and pressure. Based on the times and dates visible on the controls, the threat actors had access as recently as February 14th.
Oxford’s spokesperson confirmed as much, adding that the lab equipment that was accessed is used to purify and prepare biochemical samples, such as proteins, including those that were used in the lab’s coronavirus research.
Per the report, the hack doesn’t seem to be the work of an Advanced Persistent Threat (APT) group. Holden said that the perpetrators have a growing list of victims, including several Brazilian universities, and have been known to utilize ransomware to squeeze their targets for money.
At any rate, the incident brings echoes of a recent incident where cybercriminals broke into the European Medicines Agency and stole and then leaked documents related to COVID-19 vaccines.