Cyberattacks: It’s Not “If,” But When

Applied Clinical Trials, Applied Clinical Trials-08-01-2021, Volume 30, Issue 7/8

One misclick by an employee can lead to a number of critical issues including clinical data breaches.

Our main feature this issue is about the future challenges for clinical trials. The article focuses on adaptive trial design, trial designs using synthetic control arms, increased use of biomarkers, increased use of technologies and data sharing, and increased value creation in Phase I and Phase II. All of these will help future proof the industry.

And our contributor did highlight some of the barriers to these progressive goals, whereby risk aversion among sponsors, and education for the general public and healthcare practitioners about clinical trials, would go a long way.

But there is one aspect of not only clinical trials, but all of pharma, healthcare and every other industry, that is a consistent threat to the future. And that is cyberattacks. We edited out the cyberattack discussion in the originally submitted article because it’s such a larger discussion, we didn’t want to confine it to a mere mention for the future of the industry. However, we aren’t taking a deep dive on the topic until early next year, so this is just a toe dip.

Ken Getz, regular contributor to Applied Clinical Trials, Deputy Director & Research Professor Tufts Center for the Study of Drug Development, and founder of CISCRP, noted that cyber piracy “is a huge concern, especially with how valuable data is. More and more steps will be taken to protect against cyberattacks.” Brigid Flanagan, founder of Oriel Research Services, Ltd., a clinical operations consultancy based in Ireland, noted a recent large breach in the Irish Health System two months ago. “Radiology was the worst hit. Physicians are manually writing down orders, and walking them to the lab, it’s been a nightmare.” And it all happened with one employee clicking on a bad link.

Flanagan suggests that sponsors validate the systems of those they are partnering with, and ensure the security of all cloud systems. As for wearables that collect personal information: “If patients are using their own phones, that can tell [the cyberattackers] where a person is located.” She advises her clients in the EU not to let participants use their own phone for this reason.

This link from the Center for Strategic and International studies outlines significant cyberattacks in the past 15 years, mostly on a governmental level. However, clinical trials specifically, and healthcare in general, is not immune, as noted in this article.

For most companies, balancing IT budgets to both advance digital transformation as well as cybersecurity protections can be difficult. For that reason, it’s been noted that IT security could be moved its own department.

Lisa Henderson is Editor-in-Chief of Applied Clinical Trials. She can be reached at lhenderson@mjhlifesciences.com.