search.noResults

search.searching

saml.title
dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
CYBER SECURITY


2006, he was not referring specifically to clinical trials data, but the phrase certainly applies here. Contract research organisations (CROs) understand the importance of data security, but their emphasis since the passage of the US Health Insurance Portability and Accountability Act of 1996 has been on protecting patient personal health information (PHI). Everyone involved in a clinical study shares responsibility to protect PHI from being breached. Healthcare organisations have become the leading target for cybercriminals1


W .


It is not merely that clinical trials are a PHI-rich target; clinical trials data is known to have significant value to the companies running the trials. A company’s intellectual property (IP) – of which clinical trials data is often among the most important and valuable – can easily constitute 80% of a company’s value2


. Indeed,


this is especially true for start-ups where IP can account for 100% of a company’s value and where the successful completion of a pivotal clinical trial represents a significant milestone tied to both regulatory clearance and company valuation. An estimated 95% of all cyber attacks on ‘life science’ businesses target intellectual property, and the aggregate impact of these attacks was estimated at $295m – $363m in lost revenue in 2018 alone2


. Failure and delay in clinical trials can have


catastrophic consequences for the founders, investors, and patients, including: • Cost of repeating a failed clinical trial • Loss of future revenue as a result of a delay in product launch


• Impact on valuation (or stock price) due to loss of confidence by patients, investors, etc


• Fines due to a PHI breach • The threat of delay or of having to repeat a corrupted trial, in addition to the fines associated with a PHI breach and impact on reputation and brand. Competitors and even nation states,


potentially enabled by malicious insiders, may act as agents as well. This may seem far-fetched, but it is happening today3


. For


example, in 2017, Chinese spies stole IP data from a US storage technology company to


54 | Outsourcing in Clinical Trials Handbook


hen Clive Humby, a British data scientist and entrepreneur, coined the phrase “data is the new oil” in


“An estimated 95% of all cyber attacks on ‘life sciences’ businesses target intellectual property, and the aggregate impact of these attacks was estimated at $295m – $363m in lost revenue in 2018 alone.”


benefit China’s healthcare system4 .


Even after an attack is over, the ransom has been paid, and the data decrypted, there may be lingering doubts about the integrity of the trial data that impacts submissions, approvals, investors, clinicians, and patients.


Decentralised clinical trials Over the past decade, there has been increased reliance on outsourcing clinical trials to speed up recruitment, lower costs, etc5


. This trend has accelerated because of the pandemic6 . as


decentralised clinical trials (DCTs) that “meet patients where they are” have become not merely a convenience but a necessity7


The consensus is that DCTs are here to stay8 ,


but with the inherent benefits of decentralisation come risks. DCTs rely on more sophisticated connections between organisations involved in the study (sites), as well as reliance on a variety of devices required for remote monitoring that introduce significant vulnerabilities. In the cyber-security parlance, they have a broad “attack surface.” Ransomware is the fastest-growing form


of cybercrime across all industries including healthcare9


manage data in hundreds of clinical trials was the target of a ransomware attack10


. In October 2020, software used to . In this


attack, clinical trial data was “encrypted in place” and study sponsors and managers were effectively locked out until a ransom was paid. Among the clients impacted by the attack were IQVIA (a CRO managing AstraZeneca’s COVID-19 vaccine trial) and Bristol Myers Squibb. Clinical trials managers were forced to implement contingency plans including manual operations, and studies were delayed11


. In the face of the rise in cybercrime focusing


on IP and clinical trials data, the need to recognise security more broadly as a business risk, as well


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68  |  Page 69  |  Page 70  |  Page 71  |  Page 72  |  Page 73  |  Page 74  |  Page 75  |  Page 76  |  Page 77  |  Page 78  |  Page 79  |  Page 80  |  Page 81  |  Page 82  |  Page 83  |  Page 84  |  Page 85  |  Page 86  |  Page 87  |  Page 88  |  Page 89  |  Page 90  |  Page 91  |  Page 92  |  Page 93  |  Page 94  |  Page 95  |  Page 96  |  Page 97  |  Page 98  |  Page 99  |  Page 100