According to the HIPAA Journal, healthcare data breaches hit an all-time high in 2023, with over 133 million patient records breached. That’s more than double the total recorded in 2022. Following the accelerated transition from in-person to virtual care during the COVID-19 pandemic, clinical trials are especially vulnerable to cyber-attacks due to the quantities of sensitive medical information they collect from patients, and storing that data in the cloud significantly increases the potential attack surface.
The speed of this transition has meant that many sponsors and CROs (contract research organisations) have struggled to keep pace, often lacking adequate cybersecurity defenses or robust procedures in case of a breach. If hackers exploit such vulnerabilities, this can have disastrous consequences for a clinical trial’s progress, resulting in increased disruption and costs, all of which ultimately come at a price to the patients depending on the development of new clinical treatments.
But the tables are turning. GlobalData forecasts that cybersecurity spending by pharma and healthcare providers and payors will reach a total of $9.77 billion by 2025, impacted no doubt by the growing volume of data collected in clinical trials as Electronic Clinical Outcome Assessments (eCOA) and Electronic Consent forms (eConsent) become the industry standard.
Pharma companies must invest in the right cyberinfrastructure to protect patient data and continue clinical trial operations. Partnering with companies that offer robust redaction and data-safeguarding services can help maintain the integrity and confidentiality that is essential to clinical trials and other healthcare operations.
Understanding the cybersecurity risk
Hackers can steal data from pharma companies in a variety of ways. Methods of attack include phishing, malware, and supply chain tampering, where a third party is hacked to gain access to a client’s network.
Pharma companies raced to adopt cloud technology when the pandemic necessitated the use of decentralised clinical trials (DCTs) and other virtual methods. Partnering with other companies that also store data in the cloud further increases the likelihood of a data breach. Without strong security measures, it is all too easy for a cyberattacker to target cloud misconfigurations to steal cloud data.
Such breaches have significant consequences for the smooth running of clinical trials. The loss or compromise of clinical trial data can impede efforts for regulatory approval, alongside increasing trial timelines and costs. Any breaches of patient data may subject companies to fines and penalties under increasingly stringent data protection laws, such as GDPR in the European Union.
In April 2022, for example, Dedalus Biologie, a healthcare software provider, was fined €1.5 million after a data breach exposed patients’ social security numbers, doctors, and medical information. Attacks such as these also diminish a company’s trustworthiness in the eyes of patients, the public, and the market, thus negatively affecting business growth and operations.
To better safeguard patient records against data breaches, it is paramount that all stakeholders in the pharma industry invest in a strong cybersecurity strategy. By continually updating software, implementing multi-factor authentication (MFA), and regularly training staff on cybersecurity best practices, the window for cyberattacks can be significantly reduced.
Clinical trial partners that put cybersecurity first
The rise of additional digital tools such as eCOA and eConsent has made clinical trials more accessible and comprehensible, but the collection of such information provides a further data security challenge.
At the head of the curve are industry experts RWS, who offer comprehensive translation and localisation services to ensure patients from all countries and any reading level can fully understand eCOA and eConsent forms. Globalisation has resulted in the proliferation of online translation services, with online portals offering instant translations. However, as well as often producing inaccuracies, these are not secure systems, and information entered into them is often poached by machine learning algorithms, leaving data vulnerable to hacking or exposure.
As a trusted partner, RWS makes cybersecurity a priority in its product development, as outlined in its Group Secure Software Development Lifecycle Policy. Monthly scans of its public-facing infrastructure enable RWS to assess cybersecurity risks and act accordingly. Its information security programme is owned by the Chief Information Officer and is managed throughout the year by the executive-level Information Security Steering Committee to ensure cybersecurity protocols remain as up to date as possible.
RWS’s network supplier monitors traffic to provide alerts in case of anomalous activity, and the company’s Group Information Security Incident Management Policy outlines strategy in the face of a breach. This information is available online to all RWS employees, who also benefit from mandatory training in cybersecurity principles whatever their role.
Redaction services for PHI/PII
In addition to translation and localisation, RWS offers specialised redaction services for protected health information (PHI) and personally identifiable information (PII) to help clinical trial sponsors and CROs comply with stringent data protection regulations. Redacting sensitive information ensures that personal data is not exposed during the sharing or reporting of clinical trial results, enhancing the security of digital information being circulated online.
Furthermore, RWS employs advanced artificial intelligence (AI) and machine learning (ML) technologies to automate the redaction process, ensuring accuracy and efficiency. This includes identifying and obscuring personal identifiers from documents, which is crucial in maintaining patient confidentiality and adhering to compliance requirements such as HIPAA in the US and GDPR in the EU.
By integrating redaction services with its comprehensive suite of offerings, RWS provides a holistic approach to data security in clinical trials so that sensitive patient information is protected at every stage of the process.
Its safe, secure, and easy-to-use translation services are essential to the modern global world of clinical trials. RWS’s expertise in eCOA and eConsent translation ensures patients understand their responsibilities, all while protecting their data against digital breaches.