Safeguarding patient data is crucial for Pharmaceutical companies

Over the past 12 months, the digital threat landscape has evolved significantly, with COVID-19 being used as common bait to deposit ransomware in networks. 

The pharmaceutical industry possesses sensitive information such as R&D data, patents, and patient information, making them a prime target for hackers. Unauthorised access to sensitive information has threatful implications including loss of public trust, stolen intellectual property, and significant revenue losses. 

The Cost of Pharma Data Breaches 

Cybersecurity breaches inflict huge costs on pharmaceutical companies. Estimates from 2020 place the average cost of an attack at US $5.06 million, which is 1.3 times the global average. 

Apart from the monetary aspect, cybersecurity breaches can disrupt clinical trials which can prove even more expensive. To avoid this, companies need to map out what data is held, how it is processed, and what regulations, if any, should be met when handling clinical data. Any digital platform implemented by pharmaceutical companies to improve the patient experience, or the efficiency of business operations must be integrated with stringent data protection measures to ensure the security of personal health information. 

Protecting Patient Data is Imperative

With accelerated digitalisation brought on by the pandemic, there is heightened risk of cyber-attacks, particularly in the pharmaceutical sector. Pharmaceutical companies are looking for ways to safeguard patient data, as well as commercially valuable information such as patents and intellectual property. Leveraging new technologies can help pharmaceutical companies protect patient data and minimise their vulnerability to cyber-attacks. This, coupled with solutions that encrypt sensitive data and enable early threat detection, can build confidence within the public around the use, processing and storage of their personal health information. 

What Makes Pharma a Prime Target? 

There are a couple of reasons why cyber-criminals find the pharmaceutical industry a tempting target.

1. Patient data can be sold online

Pharmaceutical companies handle personal health information from clinical trial participants, including medical histories, laboratory results, biometric information, and more. All of this is valuable to hackers. Medical identity theft can lead to spurious medical claims or cyber-criminals opening new lines of credit and accessing insurance details. 

2. There is more medical data available digitally today than ever before 

In the digital era, there are many sources through which personal health information is being collected. This includes electronic medical records, clinical trials, fitness apps, and wearable devices. Despite concerns regarding data confidentiality, the popularity of smart devices and wearables continues to grow. 

How the Pharma Industry is Protecting Patient Data

With the amount of data generated globally expected to reach a trillion gigabytes by 2025, governments are recognising the need to protect patient data, which includes the General Data Protection Regulation (GDPR). 

Several emerging technologies can help pharmaceutical companies safeguard data. Blockchain, for example, can better manage data collected from clinical trials, encrypt patient data, and prevent unauthorised access to identifiable information. 

Pharmaceutical giants and academic institutions are already testing blockchain to manage supply chain challenges and clinical trials. Blockchain offers transparency and traceability of information. Several industry-led initiatives are already underway to convince regulators such as the US Food and Drug Administration (FDA) of the viability of implementing blockchain for clinical trial management. 

The digitalisation of life sciences has led to the industry becoming increasingly more data-rich. While digitalisation has the potential to drive sustained growth and create new value streams, loopholes in cybersecurity protocols can result in unauthorised access to research, corporate and patient data of commercial value. Additionally, a lack of compliance with security standards and regulations can lead to substantial fines, amounting to millions of dollars. To this end, progress is already underway, with organisations investing in encryption and intrusion prevention systems. Ultimately, digital solutions must leverage cutting-edge technologies along with total cybersecurity compliance to drive sustained growth, without compromising the security of patient data.

by Subhro Mallik, SVP and Global Head Life Sciences, Infosys.