5 cybersecurity guidelines for remote monitoring in clinical trials
Remote monitoring has many advantages in clinical trials. It can streamline the record-keeping process, minimise data entry errors, and enable simultaneous tests across multiple areas and demographics. However, remote monitoring technologies also introduce cybersecurity concerns.
Internet of Things (IoT) devices, cloud platforms, and other digital technologies used in remote monitoring are all potential targets for cybercriminals. Given the sensitive nature of this data, pharma organisations must address those risks. These 5 cybersecurity guidelines will help:
1. Emphasise security awareness for all involved
The first step in remote monitoring cybersecurity is to ensure all parties understand the risks and relevant best practices. That includes any employees with access to clinical trial data and the trial participants themselves.
Up to 95% of cybersecurity issues stem from human error. The key to preventing security-jeopardising mistakes is to explain proper usage to system users. These best practices include using strong passwords and multi-factor authentication (MFA), learning to spot phishing attempts, and never giving away sensitive information over email.
Staff will be more likely to follow best practices when they know why they’re essential. It’s also important to stress the potential damage cyberattacks can cause. When patients understand these risks, they make informed decisions about their participation, reducing liability.
2. Collect only what’s necessary
Pharmaceutical companies should also rethink their data collection practices. More specifically, they should only collect information relevant to the study’s goals and regulatory standards. Businesses should not gather anything that falls outside that scope, which minimises the amount of information a breach could expose.
This step may seem counterintuitive, as more data produces more reliable results. However, not all information is useful. Some studies may not need patient names, location data, or other personally identifiable information (PII). Gathering and storing such details increases risks without increasing benefits, so it’s best not to include them in the first place.
Organisations can also use anonymisation techniques to remove unnecessary PII. Data masking is an ideal option, as it renders materials useless to cybercriminals without changing their values and relationships, which are more important for the study. Pseudonymisation and generalisation provide similar benefits.
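The sketch below is an added example, not part of the original article. It applies the three ideas from this section to one device reading at ingestion: an allow-list of fields, a keyed pseudonym for the participant ID, a generalised age band, and a masked device serial. The field names, the sample reading, the key and the ten-year band width are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample reading from a hypothetical remote-monitoring device.
RAW_READING = {
    "participant_id": "SITE04-0193",
    "full_name": "Jane Example",
    "email": "jane@example.org",
    "postcode": "SW1A 1AA",
    "age": 47,
    "device_serial": "HM-55213-0098",
    "heart_rate_bpm": 72,
    "recorded_at": "2024-03-01T09:15:00Z",
}

# Fields the (assumed) study protocol needs; everything else is dropped.
ALLOWED = {"participant_id", "age", "device_serial", "heart_rate_bpm", "recorded_at"}


def pseudonymise(value: str, key: bytes) -> str:
    """Keyed hash: the same input gives the same token, so records still link,
    but the token cannot be recomputed or reversed without the key."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def generalise_age(age: int, width: int = 10) -> str:
    """Replace an exact age with a band such as '40-49'."""
    low = (age // width) * width
    return f"{low}-{low + width - 1}"


def mask(value: str, visible: int = 4) -> str:
    """Hide all but the last `visible` characters, keeping length and separators."""
    cut = max(len(value) - visible, 0)
    return "".join("*" if c.isalnum() else c for c in value[:cut]) + value[cut:]


def minimise(reading: dict, key: bytes) -> dict:
    """Allow-list first, then pseudonymise, generalise and mask what remains."""
    kept = {k: v for k, v in reading.items() if k in ALLOWED}
    kept["participant_id"] = pseudonymise(kept["participant_id"], key)
    kept["age_band"] = generalise_age(kept.pop("age"))
    kept["device_serial"] = mask(kept["device_serial"])
    return kept


if __name__ == "__main__":
    # Placeholder key; a real key is stored apart from the trial data.
    print(minimise(RAW_READING, b"example-key-not-for-production"))
```

Because the pseudonym is keyed, the key itself needs the same access restrictions as the raw identifiers it replaces.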
3. Test monitoring systems before use
Remote monitoring involves a lot of specialised equipment. So, it’s important to source this hardware from trusted providers. IoT devices should have strong built-in protections, and cloud vendors should have proof of their security, such as industry-recognised certifications. Even after getting trusted systems, brands must test them before using them in clinical trials.
Misdelivery is the most common cause of data breaches in healthcare, so pharma companies must ensure all trial details go to the right place. Testing will ensure the system works from a technical standpoint and get employees used to operating it, preventing these errors.
Similarly, pharma businesses must continually check their remote monitoring systems to ensure they’re working properly. Any instance where data appears to be missing or errors have arisen warrants further investigation.
4. Restrict data access
Another crucial step in protecting clinical trial materials is to restrict internal access to them. Fewer people being able to see or edit sensitive information translates to fewer potential entry points for cybercriminals.
Even trusted, seasoned workers shouldn’t have access to clinical trial data if they don’t need it for their role. Over half of all organisations have experienced an insider threat in the past year, and many have suffered several. That doesn’t mean all companies have malicious employees — rather, most of these breaches stem from mistakes and social engineering. In either case, restricting access privileges makes these incidents less likely.
Pharma organisations must also realise restrictions only work well when they coincide with strong authentication measures. Simple username and password combinations are easy to break through, so MFA is vital.
5. Create an incident response plan
Finally, all clinical trials using remote monitoring systems need a back-up plan. Cybercrime is too common and the consequences are too severe to assume a system will never fail. An incident response plan will minimise the impact.
AI-powered continuous monitoring is an important part of these plans. Automated detection tools can spot and contain breaches faster than human teams, enabling more effective responses. As a result, companies using them save an average of $1.76 million in data breach costs.
Pharmaceutical businesses should also keep back-ups of all essential data. Back-up sets require the same amount of protection as primary databases, like encryption and restricted access controls. Beyond that, a response plan should include communication protocols and steps to get the monitoring system back online.
Remote monitoring brings new cybersecurity concerns
Remote monitoring could bring new drugs to market in record time. However, brands must consider its risks to capitalise on it safely.
IoT endpoints and similar remote monitoring systems increase a pharmaceutical organisation’s attack surface. Recognising and responding to this risk will allow businesses to use these technologies without unnecessary liability.