

The tragic killing of UnitedHealthcare CEO Brian Thompson on December 4, 2024, outside a Manhattan hotel sent shockwaves through the healthcare and pharmaceutical industries. Described by police as a “premeditated, preplanned targeted attack,” the incident underscored the escalating risks faced by executives in high-profile sectors like pharmaceuticals. For security professionals, this event serves as a stark reminder of the urgent need to integrate physical and cybersecurity strategies to protect personnel, assets and operations in an industry increasingly targeted by sophisticated threats. Many pharma and related companies did not, and still do not, have a proper security function, and in most cases they took, and still take, a “Fire & Forget” approach to travel management and duty-of-care operations. In many cases, a policy or service was purchased from a service provider to check a box, and that was it.
The Evolving Threat Landscape in Pharma
The pharmaceutical industry is a prime target for both physical and cyber threats due to its high-value intellectual property, critical supply chains and public-facing role in healthcare. The “Brian Thompson killing”, allegedly perpetrated by Luigi Mangione, who expressed animus toward the healthcare industry, highlighted how public frustration with healthcare practices can manifest in violent acts. Mangione’s writings and actions reflected broader discontent, amplifying the need for robust security measures to address both ideological and opportunistic threats.
Cyber threats further complicate the landscape. A 2025 post on X noted that while the pharma industry has made strides in cybersecurity, threats are outpacing these efforts. Cyberattacks, like the February 2024 breach of UnitedHealth’s Change Healthcare unit, which potentially compromised data of a third of Americans (estimated total of 190 million people), demonstrate how digital vulnerabilities can disrupt operations and erode trust. The interplay of physical and cyber risks, such as a physical breach enabling malware installation or a cyberattack disabling security systems, demands a unified security approach.
Lessons from the UnitedHealth Incident
The Brian Thompson tragedy exposed critical gaps in executive protection and organizational security in the pharma and related industries. UnitedHealth spent $1.7 million on executive security in 2024, with significant expenses incurred after the Brian Thompson incident, indicating a reactive rather than proactive approach. Other pharma giants, including Johnson & Johnson and Eli Lilly, also increased security spending, signaling industry-wide recognition of heightened risks. The incident prompted companies to remove executive photos from websites and shift to remote shareholder meetings, reflecting a scramble to adapt to an “enhanced security risk environment.” In comparison, companies in the mining, construction and oil & gas industries typically work in austere environments globally and often deal with aggressive activism, and are therefore better prepared to deal with an incident like the UnitedHealth CEO killing.
For security professionals, the key takeaway is the need for proactive integration of physical and cybersecurity teams. The Thompson killing occurred ahead of an investor conference, a high-visibility event that should have triggered heightened physical security measures. Meanwhile, UnitedHealth’s earlier cyberattack highlighted vulnerabilities in IoT-enabled security devices, such as cameras, which could be exploited to facilitate physical breaches. A siloed approach—where physical security focuses on access control and cybersecurity on network protection—leaves organizations exposed to hybrid threats that exploit both domains.
A Blueprint for Integrated Security
To combat these risks, pharma companies must adopt a holistic security framework. First, establish a unified security operations center (SOC) that integrates physical and cyber monitoring. Real-time correlation of access logs, surveillance footage and network activity can detect anomalies, such as unauthorized entry paired with unusual data access. For example, a 2023 SANS Institute study found that integrated SOCs reduced incident response times by 40%, a critical advantage in fast-moving threats.
Second, invest in cross-training. Physical security teams should understand cyber risks, such as phishing attacks that could disable alarms, while cybersecurity teams need awareness of physical vulnerabilities, like unsecured edge devices, server rooms, or executives traveling without holistic security protections. Joint simulations of hybrid attacks, mimicking scenarios where a physical breach enables data theft, can build coordination and trust.
Third, leverage technology to bridge domains. AI-driven analytics can integrate video surveillance with network monitoring to flag suspicious patterns, such as an employee accessing a restricted area during a cyber intrusion. Biometric authentication and tamper-proof hardware can secure critical infrastructure, while regular penetration testing of IoT devices ensures digital resilience.
Finally, prioritize executive protection. The Brian Thompson case revealed how executives can become lightning rods for public anger. Security professionals must conduct threat assessments tailored to high-profile leaders, incorporating intelligence from social media and deep & dark web monitoring to anticipate risks. Enhanced measures, such as secure transport and event-specific security plans, are non-negotiable.
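The correlation described in the first and third points above (a physical access anomaly paired with unusual data access), shown as an added example that is not part of the original article. The log layouts, zone names, account names, time windows and volume threshold are assumptions, and all sample records are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample records; field layout and zone names are assumptions.
BADGE = [  # (time, person, zone, result)
    ("2025-01-10T02:11:00", "jdoe", "server-room", "DENIED"),
    ("2025-01-10T02:12:30", "jdoe", "server-room", "DENIED"),
    ("2025-01-10T08:55:00", "asmith", "lab-2", "GRANTED"),
]
NET = [  # (time, account, zone of the source host, MB read)
    ("2025-01-10T02:20:00", "jdoe", "server-room", 5200),
    ("2025-01-10T09:05:00", "asmith", "lab-2", 40),
    ("2025-01-10T14:00:00", "bwong", "lab-2", 15),
]

def _ts(s):
    return datetime.fromisoformat(s)

def correlate(badge, net, window=timedelta(minutes=30),
              presence=timedelta(hours=12), bulk_mb=1000):
    """Return (rule, time, account, zone) alerts from the two log sources."""
    alerts = []
    for n_time, account, zone, mb in net:
        t = _ts(n_time)
        # Rule 1: denied badge attempts at a zone, then a bulk read from a
        # host inside that zone shortly afterwards.
        denied = [b for b in badge
                  if b[2] == zone and b[3] == "DENIED"
                  and timedelta(0) <= t - _ts(b[0]) <= window]
        if denied and mb >= bulk_mb:
            alerts.append(("denied_entry_then_bulk_read", n_time, account, zone))
        # Rule 2: activity from a host in a zone the account owner did not
        # badge into during the presence window.
        present = any(b[1] == account and b[2] == zone and b[3] == "GRANTED"
                      and timedelta(0) <= t - _ts(b[0]) <= presence
                      for b in badge)
        if not present:
            alerts.append(("activity_without_badge_in", n_time, account, zone))
    return alerts

if __name__ == "__main__":
    for alert in correlate(BADGE, NET):
        print(alert)
```

Neither log source raises these alerts on its own: the denied badge reads are routine noise for a physical team and the data read is an ordinary session for a network team, which is the case for joining the two feeds.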
Overcoming Barriers
Integration faces challenges, particularly in the pharma industry, where regulatory pressures and complex supply chains complicate security efforts. Organizational silos often separate physical security (under facilities or health and safety) from cybersecurity (under IT), hindering collaboration. Budget constraints may limit investments in unified platforms or training, while cultural differences, with physical teams prioritizing tangible threats and cyber teams focusing on digital risks, can impede alignment.
Leadership must drive change by aligning security goals across departments and allocating resources for integrated solutions. The $1.7 million UnitedHealth spent on executive security in 2024, while significant, pales against the $288 billion stock value loss following Thompson’s killing and related setbacks. Proactive investment in integrated security is not just cost-effective—it’s existential.
The Path Ahead
The Brian Thompson tragedy is a wake-up call for the pharma industry. Security professionals must champion a unified approach that anticipates hybrid threats, protects high-value assets and safeguards executives in an increasingly volatile environment. By breaking down silos, leveraging technology and fostering collaboration, companies can build resilience against the next attack, whether it comes through a bullet or a breach. The stakes are too high for anything less.