How the EU fell victim to vaccine cyberattacks and why this matters for tackling vaccine mistrust

written by Remina Aleksieva and Alexandra Anoja, EuH UCL

Published as part of European Horizons Spring 2020 policy priority series on Defending Democracy Against Cyber Threats and the Northern Chapters Publications Initiative on Interference in Elections.

CBS News

Cyberattacks have been an increasing threat to citizens, companies and governments, as our lives are becoming more and more dependent on the use of technology amidst the pandemic. This presents not only a caveat to democratic processes, but also to individuals to trust that the information they both provide and obtain is legitimate. Vaccine hesitancy is on the rise around the globe — it is estimated that only 44% of citizens report willingness to inoculate immediately. Government mistrust levels are also high, which suggests that now it is a crucial time to act to save lives, as well as democracy.

The European Medicines Agency fell victim to a major cyberattack in December 2020, with hackers managing to gain access to documents relating to the Pfizer/BioNTech Covid-19 vaccine. However, this incident is far from being the only cyberattack — 2020 witnessed a growing and worrying trend of healthcare organisations and institutions being targeted in cyberattacks across the world.

After the December cyberattack, the European Commission outlined a cybersecurity strategy aimed at providing digital protection for all industries and sectors. This strategy seeks to increase the cyber resilience of institutions and organisations particularly at risk such as hospitals, research labs and distribution chains. It also aims to build operational capacity to prevent, deter and respond to cyberattacks in time, and strengthen global cyber capacity-building efforts. What these incidents show is that cyberattacks are also political. These attacks serve to not only access sensitive data, but also to undermine governments and political institutions, even more so when the race for a covid vaccine is perpetuated.

Discussion surrounding data and privacy hacking has been a recent topic, especially in terms of debate regarding how big tech companies handle users’ private data. Consequently, citizens have grown more concerned about cybersecurity and invasions of data privacy. It therefore becomes even more crucial to effectively communicate the European Commission’s cybersecurity strategy and how it tackles citizens’ concerns in today’s climate where scepticism and mistrust of vaccines is taking root.

Whilst vaccine supply has been a challenge for the European Union, vaccine scepticism and mistrust also presents a serious barrier when seeking to end the pandemic. With the aim to inoculate 70 percent of its adult population by late July 2021, the EU needs to have a cybersecurity strategy that instills confidence in European citizens taking the vaccination. The political nature of the recent cyberattacks contributes to the politicisation of the pandemic, as state and non-state actors may be more willing to impede and manipulate democratic processes to increase their political support. This also contributes to a process of polarisation that is intensified by misinformation about the effectiveness of vaccines and politicians’ strategic engagement.

The newly introduced cybersecurity strategy indeed serves as a basis for further development of EU’s cybersecurity. But it appears that EU’s legislation in the current climate may need to stretch far beyond what was anticipated. The strategy is not only competing with the ever-growing process of technological innovation, but also the vast amount of information that every European citizen is exposed to. We have already seen efforts made with the Digital Services Act (DSA) to regulate Big Tech companies.

But this is only the beginning of a more refined information management. European digital legislation needs to catch up fast though to account for vaccine misinformation now. The pandemic proves to be the right time for this process to be accelerated to limit vaccine hesitancy, thus contributing not only to solving the coronavirus crisis, but also strengthening democracy.

Remina Aleksieva is pursuing an MSc in International Public Policy at UCL. She is interested in behavioural science based policy-making, education and environmental policy, and Central and Eastern European politics. She hopes to bridge and gap between science and policy and contribute to cybersecurity legislation that protects democracy and human rights.

Alexandra Anoja is a student at UCL reading Italian and Management. She is keen to explore the benefits and limitations of technology within democracy and diplomacy.

TTP, formerly known as the IDEAS blog, is the official blog of European Horizons, created to give students a voice on transatlantic policy. Views are not EuH’s.