Special Feature
Part of a ZDNet Special Feature: Coronavirus: Business and technology in a pandemic

Johnson & Johnson CISO: Healthcare orgs are seeing nation-state attacks every single minute of every single day

Johnson & Johnson is one of six COVID-19 research companies that have been recently targeted by North Korean state-sponsored hackers.

Marene Allison, the Chief Information Security Officer at Johnson & Johnson, one of the companies involved in the research and development of a COVID-19 vaccine, said this week that healthcare organizations like her employer are seeing cyber-attacks from nation-state threat actors "every single minute of every single day."

latest developments

Coronavirus: Business and technology in a pandemic

From cancelled conferences to disrupted supply chains, not a corner of the global economy is immune to the spread of COVID-19.

Read More

Allison's comments come after on Wednesday, the Wall Street Journal reported that Johnson & Johnson was one of six COVID-19 research companies that have been targeted by North Korean hackers seeking vaccine information.

SEE: Meet the hackers who earn millions for saving the web, one bug at a time (cover story PDF) (TechRepublic)

"Healthcare companies literally have seen an onslaught [of cyberattacks] since March 2010," Allison said on Thursday in an online panel at the Aspen Cyber Summit.

"That is the day that the Chinese actually started a hard knock of most of the healthcare in the United States."

"Meredith and I, and in all CISOs and healthcare [organizations], are seeing attempted penetrations by nation-state actors, not just North Korea, every single minute of every single day," Allison said, referring to Meredith Harper, CISO at Eli Lilly, another pharmaceutical company involved in the COVID-19 response, also present on the online panel.

The Johnson and Johnson CEO said that "with the vaccine in development," her company is now "on a grander stage."

Allison also said that her company doesn't "have the resources to know where [an attack] came from," or what attackers are actually going after, but instead has been working and relying on H-ISAC and CISA to identify and classify cyber-attacks.

All in all, Allison said Johnson & Johnson saw a 30% uptick in cyber-attacks targeting the company, but that they couldn't tell how much was COVID-19-related.

"There's only going to be so many people who could get information and turn it into a vaccine," she said. "Then we're going to have the

group of people who just decide that 'well I don't want the world to have a vaccine'.

"For us, inside, it's really not much of a difference," Allison said.