Home / Clinical Technologies /

Barring the Electronic Door: How to Secure Mobile Devices Used in Clinical Trials

By Richard Wzorek

In the foreseeable future, biopharmaceutical companies that do not allow those working on clinical trials to have mobile access to the systems and data they need will be at a competitive disadvantage.

Internal users, investigator sites, Clinical Research Organizations (CROs), central labs, and other vendors all have a growing expectation that they can access trial data and applications “where they live,” in other words, on their mobile devices. Indeed, worldwide usage trends and prospective productivity gains make a compelling case for moving in a mobile direction. However, some inherent security risks complicate the landscape significantly, and decision-makers should proceed with their eyes wide open. Here, we discuss the leading security risks to consider and offer recommendations on how to mitigate or avoid them.

The case for mobile access

Mobile devices are now ubiquitous, with their usage long since eclipsing that of desktop devices. The crossover happened in 2014, and the gap continues to widen in favor of mobile computing.1 What is more, over the past five years, there has been a substantial increase in the number of Internet users who rely exclusively on mobile devices.2

Cisco Systems was forecasting that by 2019, about 24 exabytes (a billion gigabytes) of data will be transferred to and from mobile devices each month.3 To put this intangible number into perspective, consider that a single Exabyte could transmit 119 billion songs that would last for 906,000 years.4

Between 2012 and 2015 there has been double-digit growth in the number of clinical trials in most regions of the world. The Asia Pacific region has seen material clinical trial growth led by countries like China (71%), Japan (54%), and India (37%). This growth in clinical trial volume is from the region that is forecasted to have the most significant mobile data volume over the next five years.

Given the popularity of mobile devices, it is no wonder that those involved with clinical trials—and most especially clinical investigators—would prefer to have the information and tools that they need to do their jobs accessible on smartphones and tablets. For instance, it is much more efficient for investigators to be able to work with clinical trial tools that are embedded in their workflow for providing the standard of care than it is for them to have to switch systems and transport data from one device to another.

Healthcare institutions have captured the attention of cybercriminals for several reasons:

  • The exchange of electronic healthcare information is a relatively recent phenomenon, and many institutions are still soft
  • Healthcare databases contain vast amounts of Personally Identifiable Information (PII) that doesn’t “expire.”
  • Credit card and bank account data present only a narrow window of opportunity—i.e., typically the theft is discovered and the breach remedied quickly. Meanwhile, medical information fraud can go undetected for quite some
  • Many financial services institutions and retailers have developed some expertise and experience in thwarting attacks, so criminals turn their attention
  • The value of stolen healthcare data is at a
  • According to the World Privacy Forum, hackers and identity thieves will pay $50 for stolen medical information versus $1 for a stolen Social Security 5

The sources of risk: BYOD and outside networks

Bring Your Own Device (BYOD) solutions

At first blush, allowing those involved in clinical trials to use their own existing mobile devices (smart phones and tablets) for trial work and participation seems like a financial “no brainer.” Why provision and then have to maintain and manage proprietary devices when parties already have the hardware themselves? It is not as simple as it sounds, however. The main issue relates to the number of device platforms that would have to be supported, particularly for global trials. Not only is there the matter of Android versus Apple operating systems, but there are multiple releases of each on the market. (This is especially true in Latin America where the secondary market for used devices is very strong.) Not all will have the latest security patches.

Public hotspots and guest networks

Any data that resides on a device used in a public place is at risk of compromisation. From an executive checking their e-mail in a café, or a study monitor reviewing files at an airport. Usually, however, the device itself and the information on it are not the hacker’s ultimate target. Rather, hackers troll such networks in an attempt to use the mobile device as a vector to gain access to an organisation’s internal network.

Allow us to secure your mobile devices used in clinical trials through OVERSIGHT.

To find out more about OVERSIGHT, click here.

1 http://www.marketingcharts.com/ online/in-the-us-time-spent-with mobile-apps-now-exceeds-the- desktop-web-41153/
2 http://www.marketingcharts.com/ online/us-now-sees-more-mobile- only-than-desktop-only-adult- internet-users-54072/
3 http://www.cisco.com/c/en/us/ solutions/collateral/service-provider/ visual-networking-index-vni/white_ paper_c11-520862.html
4 http://www.scality.com/100- exabytes-makes-big-data-look-tiny/
5 https://www.worldprivacyforum.org/2006/05/report-medical-identity-theft-the-information-crime-that-can-kill-you/
Share Blog Facebook Share Blog Twitter Share Blog LinkedIn Share Blog via Email Print Blog
This website uses cookies. By continuing to browse the site, you are agreeing to our use of cookies