Barring the Electronic Door: How to Secure Mobile Devices Used in Clinical Trials
By Richard Wzorek
In the foreseeable future, biopharmaceutical companies that do not allow those working on clinical trials to have mobile access to the systems and data they need will be at a competitive disadvantage.
Internal users, investigator sites, Clinical Research Organizations (CROs), central labs, and other vendors all have a growing expectation that they can access trial data and applications “where they live,” in other words, on their mobile devices. Indeed, worldwide usage trends and prospective productivity gains make a compelling case for moving in a mobile direction. However, some inherent security risks complicate the landscape significantly, and decision-makers should proceed with their eyes wide open. Here, we discuss the leading security risks to consider and offer recommendations on how to mitigate or avoid them.
The case for mobile access
Mobile devices are now ubiquitous, with their usage long since eclipsing that of desktop devices. The crossover happened in 2014, and the gap continues to widen in favor of mobile computing.1 What is more, over the past five years, there has been a substantial increase in the number of Internet users who rely exclusively on mobile devices.2
Cisco Systems was forecasting that by 2019, about 24 exabytes (a billion gigabytes) of data will be transferred to and from mobile devices each month.3 To put this intangible number into perspective, consider that a single Exabyte could transmit 119 billion songs that would last for 906,000 years.4
Between 2012 and 2015 there has been double-digit growth in the number of clinical trials in most regions of the world. The Asia Pacific region has seen material clinical trial growth led by countries like China (71%), Japan (54%), and India (37%). This growth in clinical trial volume is from the region that is forecasted to have the most significant mobile data volume over the next five years.
Given the popularity of mobile devices, it is no wonder that those involved with clinical trials—and most especially clinical investigators—would prefer to have the information and tools that they need to do their jobs accessible on smartphones and tablets. For instance, it is much more efficient for investigators to be able to work with clinical trial tools that are embedded in their workflow for providing the standard of care than it is for them to have to switch systems and transport data from one device to another.
Healthcare institutions have captured the attention of cybercriminals for several reasons:
- The exchange of electronic healthcare information is a relatively recent phenomenon, and many institutions are still soft
- Healthcare databases contain vast amounts of Personally Identifiable Information (PII) that doesn’t “expire.”
- Credit card and bank account data present only a narrow window of opportunity—i.e., typically the theft is discovered and the breach remedied quickly. Meanwhile, medical information fraud can go undetected for quite some
- Many financial services institutions and retailers have developed some expertise and experience in thwarting attacks, so criminals turn their attention
- The value of stolen healthcare data is at a
- According to the World Privacy Forum, hackers and identity thieves will pay $50 for stolen medical information versus $1 for a stolen Social Security 5
The sources of risk: BYOD and outside networks
Bring Your Own Device (BYOD) solutions
At first blush, allowing those involved in clinical trials to use their own existing mobile devices (smart phones and tablets) for trial work and participation seems like a financial “no brainer.” Why provision and then have to maintain and manage proprietary devices when parties already have the hardware themselves? It is not as simple as it sounds, however. The main issue relates to the number of device platforms that would have to be supported, particularly for global trials. Not only is there the matter of Android versus Apple operating systems, but there are multiple releases of each on the market. (This is especially true in Latin America where the secondary market for used devices is very strong.) Not all will have the latest security patches.
Public hotspots and guest networks
Data residing on a device that is used in a public place—whether it be as an executive checks e-mail in a café, or as a study monitor reviews files at an airport— are at risk for being compromised. Usually, however, the device itself and the information on it are not the hacker’s ultimate target. Rather, hackers troll such networks in an attempt to use the mobile device as a vector to gain access to an organisation’s internal network.
Allow us to secure your mobile devices used in clinical trials through OVERSIGHT.
To find out more about OVERSIGHT, click here.
1 http://www.marketingcharts.com/ online/in-the-us-time-spent-with mobile-apps-now-exceeds-the- desktop-web-41153/
2 http://www.marketingcharts.com/ online/us-now-sees-more-mobile- only-than-desktop-only-adult- internet-users-54072/
3 http://www.cisco.com/c/en/us/ solutions/collateral/service-provider/ visual-networking-index-vni/white_ paper_c11-520862.html
Almac Clinical Technologies
Almac Clinical Technologies is here to help the biopharmaceutical industry bring new therapies to those in need by empowering clinical trial sponsors to proactively manage sites, patients, and clinical trial supplies through our industry-leading Interactive Response Technology (IRT) and expert consultancy.
Almac Clinical Technologies is uniquely positioned to unlock new efficiencies in the clinical supply chain and to help achieve greater predictability in your projects and programs.
Our professionals are dedicated to delivering high-quality Interactive Response Technology (IRT) solutions, dependable professional services, and reliable customer service. Our expertise, energy, and commitment have earned us a reputation as a trusted ally in the drug development process.