• Trial Talks Podcast
  • COVID-19
  • Blog
  • Client Login

Cybersecurity – A Concern In Clinical Research

by Fred Martin

Blog

The intersection of technology and healthcare has major implications, ranging from encouraging to ominous, for innumerable interested parties. Technological innovators and enthusiastic adoptees tout the potential for technology to improve care and accelerate the development of new treatments and even cures – and they’re not wrong to do so. Part of this, however, is the unavoidable reality that the good guys aren’t the only ones with the power to wield technology, to great effect, in healthcare. The major, multinational cyberattack that hit the healthcare sector in 2017  and even more recently the clinical trials ransomware attack in 2020 are reminders of the importance of cybersecurity in protecting health data from tech-savvy parties with nefarious intent.

In clinical research, the advent of technologies like EDC and eSource makes cybersecurity just as important as anywhere else in the healthcare sector. Without a strong apparatus for protecting clinical data, eClinical tools quickly become just as much of a liability as a solution. Here are three reasons cybersecurity is of the utmost importance in clinical research.

Patient Privacy

There are many avenues through which an individual’s personal information can be made vulnerable – one can be hacked as a bank customer, credit card user, and in any number of other contexts. But patients in the healthcare sector are perhaps most at risk. Electronic health records (EHR) are full of patient information of great value on the black market, and many hackers would love nothing more than to get their hands on it. Against this backdrop, it’s crucial for clinical researchers to do everything in their power to keep the personal information of clinical trial patients secure.

In 2016, the FDA released guidance for the use of EHRs in clinical trials – as the clinical research industry works to overcome the barriers to integrating EHRs with eClinical tools, the imperative to ensure that patient privacy is protected by a solid cybersecurity apparatus will become even stronger.
 

Intellectual Property

In clinical research specifically, much of the premium placed on cybersecurity stems from business concerns. The data gathered in clinical trials ultimately decide the competitive potential of the drug, device, diagnostic tool, or vaccine on trial, and as such is considered sensitive intellectual property. If that data is stolen before a treatment is approved and arrives in market, sponsors stand to lose big in market exclusivity. Cybersecurity in clinical research, then, is not just an ethical imperative – it’s an economic one. 

Company Reputation

Among the many lessons that recent events have taught us about healthcare cybersecurity, one of the biggest is that hacks make a lot of noise. And for better or worse, a loud headline can quickly and drastically alter a company’s reputation in its industry. If a contract research organization (CRO) suffers a data breach, a whole range of conclusions, both about the CRO and the eClinical solutions they use, can follow: that the electronic systems that store the medical data aren’t properly encrypted, or that the company hasn’t invested in modern cybersecurity precautions like two-factor authentication. The optics can make it difficult for CROs and eClinical software vendors alike to win favor among sponsors.

The coming years will likely continue to be a busy time for the healthcare industry as it continues the process of adopting new technology. Throughout this process, it’s essential that a strong focus on cybersecurity be part of the equation.

How Does Medrio Address Cybersecurity?

We contract with Google Cloud Platform to house and secure our servers in restricted access locations. Google maintains SOC 1, 2, 3 Reports, ISO 27001, ISO 27017, ISO 27018, Cloud Security Alliance, PCI Compliance, HIPAA, CJIS, EU Model Clauses, and Privacy Shield compliance. Medrio audits Google periodically as part of a Vendor Assessment program. We are committed to delivering solutions and software that exceed customer expectations and meet or exceed regulations. 

Want More Details on Medrio Security and Compliance?