The COVID-19 pandemic has presented an array of cybersecurity challenges. With no slowing down of the virus’s spread, hackers and other cyber criminals are continuing to seize opportunities to take advantage of vulnerable networks.
Companies are facing technology risks as more people work remotely, including unmanaged devices and insecure IT access, which is leading to increased phishing scams. For example, as more people work remotely and use telemedicine services, more cybersecurity issues are surfacing, such as incidents of videoconferencing accounts being sold on the dark web. Security firm, Zscaler, claims to have experienced a stunning 30,000% increase since January in detected phishing, malicious websites and malware designed to capitalize on the COVID-19 crisis. Similarly, according to the C5 Alliance, cyber-attacks have increased by 150 percent in the healthcare sector over the past two months, as criminals seek to take advantage of system vulnerabilities during the pandemic.
Also, hospital systems and clinical trial sites are particularly vulnerable to ransomware as their services are more vital now. As noted by an alert issued by Interpol in early April, cybercriminals are using ransomware to target healthcare organisations already overwhelmed by COVID-19, suggesting an increased likelihood to pay hefty sums of money. This surge in ransomware incidents include an Illinois Public Health District website, a Czech hospital system, and a UK medical testing facility.
Opportunistic cyber criminals can use the current pandemic to steal intellectual property and patient information. Further, medical devices and other connected devices and networks, which make up the internet of medical things (IoMT), can easily be targeted as users frequently shift from secure healthcare networks to unsecured public Wi-Fi networks. Cyber-attack schemes include hacking medical devices either to control them or to be used as a backdoor into a hospital’s IT network.
To date, there is a 26 percent chance that 14 percent of patient monitoring tools will get attacked, according to research conducted by Atlas VPN. The research also reported that 27 percent of medical devices are still running Windows XP or decommissioned versions of Linux OS, leading these devices to increased vulnerabilities and cyber threats.
As no standard operating system for medical products exists, most medical devices use easily compromised off-the-shelf software. In addition, if a device’s security software is not automatically updated, it can leave further vulnerabilities.
During this time, digital health technologies have the opportunity to mitigate challenges and relieve burdens to patients and healthcare systems. Yet, it is important to understand potential cyber threats and how to implement proper measures to ensure the safety of patients and trial data. Learning how to better design and include security in devices and systems at the beginning of development will best protect users, as it is more difficult to add security features after creation. As healthcare systems, device manufacturers and software developers rapidly make changes to thwart cyber criminals, we advise to exercise extreme vigilance, as successful attacks will continue to exacerbate current and future challenges.
Implementing data security best practices
Adhering to best practices regarding patient data privacy remains important during times of crisis as more sponsors, sites and patients increasingly rely on remote communications. Protecting new and existing sources of patient data starts with making sure data is handled securely and that patient data is protected, and in line with the EU’s General Data Protection Regulation.
Users and site administrators of applications and softwares should adhere to best practices for password security, such as ensuring strong passwords and multi-factor authentication. Software and hardware should have the latest security patches, and anti-malware software should be deployed. Networks should be continuously monitored — in addition to the networks where IoMT devices are connected — for suspicious behaviour. Further, data backup plans should be established in separate and secure locations.
Harnessing new technologies, such as blockchain, can improve the privacy of sharing data across large networks of users and can keep track of data transactions through a tamper-proof chain of custody of all medical devices.
Developing a cybersecurity plan that addresses IoMT
Countering cyber-attacks starts by incorporating safety measures from the beginning of a device’s or app’s development and creating a device cybersecurity strategy. The first step is to develop a risk-based cybersecurity plan that addresses overall vulnerability issues with regard to safety, security, privacy, automation, software and design.
Second, medical device manufacturers should make provisions to ensure that device design is simple and easy to update, and adheres to regulatory guidelines. Also, manufacturers should plan vulnerability management processes, ensuring that fixes can be rapidly developed and deployed. At the same time, processes and protocols to handle security breaches will need to be defined.
In addition, medical device developers will need to include specific security features such as:
- Structured processes for limiting access to devices
- Proven secure design and communications protocols
- Secure standard operating procedures
- Periodic software tests and security updates
Moreover, device assessment automation tools should be employed to aid IT professionals in determining where cybersecurity attacks originate. Advantages to automation software include installation of security patches, cloud-based security solutions and traffic analytics tools. In addition, blockchain, AI and machine learning can be leveraged to identify and respond to cyber-attacks in real time, and used to apply adaptive security controls to medical devices, such as additional authentication.
Collaborating is key
Finally, seeking the advice of IT and medical device experts is crucial since they can provide information about any known computer operating system legacy vulnerabilities. The integration of IoMT and expanded use of networks has brought new opportunities for cyber criminals. Investing in and integrating cybersecurity measures in devices, apps, software and networks can go a long way to preventing future vulnerabilities.
To learn more about how ICON experts can help you ensure your clinical trial data and patients remain safe, please contact us.
COVID-19 clinical operations
Keeping your clinical trial on track in an evolving environment.
In this section
-
Digital Disruption
-
Clinical strategies to optimise SaMD for treating mental health
-
Digital Disruption whitepaper
- AI and clinical trials
-
Clinical trial data anonymisation and data sharing
-
Clinical Trial Tokenisation
-
Closing the evidence gap: The value of digital health technologies in supporting drug reimbursement decisions
-
Digital disruption in biopharma
-
Disruptive Innovation
- Remote Patient Monitoring
-
Personalising Digital Health
- Real World Data
-
The triad of trust: Navigating real-world healthcare data integration
-
Clinical strategies to optimise SaMD for treating mental health
-
Patient Centricity
-
Agile Clinical Monitoring
-
Capturing the voice of the patient in clinical trials
-
Charting the Managed Access Program Landscape
-
Developing Nurse-Centric Medical Communications
- Diversity and inclusion in clinical trials
-
Exploring the patient perspective from different angles
-
Patient safety and pharmacovigilance
-
A guide to safety data migrations
-
Taking safety reporting to the next level with automation
-
Outsourced Pharmacovigilance Affiliate Solution
-
The evolution of the Pharmacovigilance System Master File: Benefits, challenges, and opportunities
-
Sponsor and CRO pharmacovigilance and safety alliances
-
Understanding the Periodic Benefit-Risk Evaluation Report
-
A guide to safety data migrations
-
Patient voice survey
-
Patient Voice Survey - Decentralised and Hybrid Trials
-
Reimagining Patient-Centricity with the Internet of Medical Things (IoMT)
-
Using longitudinal qualitative research to capture the patient voice
-
Agile Clinical Monitoring
-
Regulatory Intelligence
-
An innovative approach to rare disease clinical development
- EU Clinical Trials Regulation
-
Using innovative tools and lean writing processes to accelerate regulatory document writing
-
Current overview of data sharing within clinical trial transparency
-
Global Agency Meetings: A collaborative approach to drug development
-
Keeping the end in mind: key considerations for creating plain language summaries
-
Navigating orphan drug development from early phase to marketing authorisation
-
Procedural and regulatory know-how for China biotechs in the EU
-
RACE for Children Act
-
Early engagement and regulatory considerations for biotech
-
Regulatory Intelligence Newsletter
-
Requirements & strategy considerations within clinical trial transparency
-
Spotlight on regulatory reforms in China
-
Demystifying EU CTR, MDR and IVDR
-
Transfer of marketing authorisation
-
An innovative approach to rare disease clinical development
-
Therapeutics insights
- Endocrine and Metabolic Disorders
- Cardiovascular
- Cell and Gene Therapies
- Central Nervous System
-
Glycomics
- Infectious Diseases
- NASH
- Oncology
- Paediatrics
-
Respiratory
-
Rare and orphan diseases
-
Advanced therapies for rare diseases
-
Cross-border enrollment of rare disease patients
-
Crossing the finish line: Why effective participation support strategy is critical to trial efficiency and success in rare diseases
-
Diversity, equity and inclusion in rare disease clinical trials
-
Identify and mitigate risks to rare disease clinical programmes
-
Leveraging historical data for use in rare disease trials
-
Natural history studies to improve drug development in rare diseases
-
Patient Centricity in Orphan Drug Development
-
The key to remarkable rare disease registries
-
Therapeutic spotlight: Precision medicine considerations in rare diseases
-
Advanced therapies for rare diseases
-
Transforming Trials
-
Accelerating biotech innovation from discovery to commercialisation
-
Ensuring the validity of clinical outcomes assessment (COA) data: The value of rater training
-
Linguistic validation of Clinical Outcomes Assessments
-
Optimising biotech funding
- Adaptive clinical trials
-
Best practices to increase engagement with medical and scientific poster content
-
Decentralised clinical trials
-
Biopharma perspective: the promise of decentralised models and diversity in clinical trials
-
Decentralised and Hybrid clinical trials
-
Practical considerations in transitioning to hybrid or decentralised clinical trials
-
Navigating the regulatory labyrinth of technology in decentralised clinical trials
-
Biopharma perspective: the promise of decentralised models and diversity in clinical trials
-
eCOA implementation
- Blended solutions insights
-
Implications of COVID-19 on statistical design and analyses of clinical studies
-
Improving pharma R&D efficiency
-
Increasing Complexity and Declining ROI in Drug Development
-
Innovation in Clinical Trial Methodologies
- Partnership insights
-
Risk Based Quality Management
-
Transforming the R&D Model to Sustain Growth
-
Accelerating biotech innovation from discovery to commercialisation
-
Value Based Healthcare
-
Strategies for commercialising oncology treatments for young adults
-
US payers and PROs
-
Accelerated early clinical manufacturing
-
Cardiovascular Medical Devices
-
CMS Part D Price Negotiations: Is your drug on the list?
-
COVID-19 navigating global market access
-
Ensuring scientific rigor in external control arms
-
Evidence Synthesis: A solution to sparse evidence, heterogeneous studies, and disconnected networks
-
Global Outcomes Benchmarking
-
Health technology assessment
-
Perspectives from US payers
-
ICER’s impact on payer decision making
-
Making Sense of the Biosimilars Market
-
Medical communications in early phase product development
-
Navigating the Challenges and Opportunities of Value Based Healthcare
-
Payer Reliance on ICER and Perceptions on Value Based Pricing
-
Payers Perspectives on Digital Therapeutics
-
Precision Medicine
-
RWE Generation Cross Sectional Studies and Medical Chart Review
-
Survey results: How to engage healthcare decision-makers
-
The affordability hurdle for gene therapies
-
The Role of ICER as an HTA Organisation
-
Strategies for commercialising oncology treatments for young adults
-
Blog
-
Videos
-
Webinar Channel