#AusCT 7Jul17: Cybersecurity and Clinical Trials
Cybersecurity is becoming a big deal. With the recent ransomware attack catching healthcare and medical device providers out, shutting down services and some medical equipment, it seems a reasonable time to explore what the issues might be for clinical trials, both from a patient and sponsor/service provider perspective. According to Techtarget’s WhatIs.com…
“Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. In a computing context, security includes both cybersecurity and physical security.”
Given the increased use of technology in clinical trials, for everything from global project management systems, payment and drug supply automation, recruitment, safety reporting, the tracking/support/reminders for participants, data collection (both inputted data, and streaming of data from wearables and other remote devices) to the investigational product itself, cybersecurity is going to need to be top of the list of considerations for sponsors, service providers, and informed patients. Getting it wrong, could have widespread consequences for both sponsors and patients. After all, Good Clinical Practice (ICG-GCP), the intent of the international guideline that informs or has been adopted into legislation of most countries running clinical trials, is at its very heart to ensure data integrity and the safety and welfare of participants is protected. In our rush to make trials easier for patients to do, and more streamlined and efficient, we need to make sure that we are top of the risks and threats increased used of technology in clinical trials could/has introduced.
So what are some of the risks? Let’s start with the most important stakeholders… the participants. Those participating in clinical trials share very personal information about themselves and their health condition. It is a fundamental right that that data be secure to ensure their identity and privacy are well protected. They should be informed how their data is being collected, stored, and whom will potentially have access to it, both now, and in the future. Appropriate systems should be in place to prevent breaches to privacy, which is everything from those collecting the data maintaining the security of both the paper records and electronic systems they collect information on, appropriate use of electronic passwords, to full security of the electronic systems to attack from outside sources. It also includes policies and practice around use of social media, which could inadvertently breach privacy.
For sponsors, there are risks operationally, for the integrity of the data upon which internal decisions or regulatory approvals are made, and for the reputation of the company. Imagine if:
- Project documentation was stolen, changed or made unavailable?
- Important safety communications went astray?
- Drug supply or site/participant payments were inappropriately directed?
- Inappropriate persons had access to personal data through hacking or poor password/security practices?
- The data streamed from wearables and other devices was corrupted?
- There was inappropriate data accessed from eMedical records?
- The identify or personal information of people participating in your trials was uncovered or stolen?
- The technology being used at medical facilities to ensure safety or collect data no longer worked (eg sterilisers, ECG machines, ventilators, laboratory analysis equipment, etc)
- The device being trialled was hacked and worked inappropriately (eg delivered an altered dose), or not at all?
So where do patients and sponsors start in minimising the risks posed by the increased use of technology in clinical trials? Where are the points of risk most concentrated – at the site from the use of public wifi or staff password sharing, or through inappropriately protected software from service providers? Can the risks be minimised? What infrastructure, processess and technologies should sponsors be considering? How should patients be assessing their risk in being involved in clinical trials from a technology standpoint?
This is such a big topic, and an hour’s #AusCT twitterchat can’t possibly hope to solve all these questions, but it is important that the conversation is started. I hope that you will join in to share your views as patients, data managers, technology and service providers, healthcare providers, trial sponsors, cybersecurity experts and medtech companies to discuss this highly relevant and important topic. It will be guest moderated by Allison Fox, Director Business Operations for the Medical Technology Association of Australia (MTAA) via their twitter handle @MTAA5, at 12.30pm AEST (Sydney time) Friday 7th July using the hashtag #AusCT. I can’t wait to see what is uncovered.
#AusCT TwitterChat: Cybersecurity & Clinical Trials
Join the live twitterchat using the hashtag #AusCT to share your concerns, thoughts and experience on the topic
– Janelle Bowden