16 September 2019
Our industry is under attack – there is no doubt about it! The news of yet another organization falling victim to cybercrime has become a daily occurrence. As long as there is a promise of financial gain, the cybercriminals will keep on trying and their methods will keep on evolving. So why is our industry such a soft and lucrative target? The answer is simple. We generate, store and consume sensitive information as part of doing business.
From patient medical and emergency records to automating data capture within clinical processes to retaining and sharing research and development activity across laboratories and partner supply chains. Many more medical devices that perform complex functions, diagnoses, therapies and outputs are increasingly placed within a connected IT network.
Whilst all industries have Cyber Security challenges, the Biotech, Life-Sciences and Healthcare sectors face a number of unique ones. Networks are increasingly interconnected across many related parties. From Biotech to CROs/CDMOs to various GxP partners, from Clinics to Hospitals, from mobile workforces to suppliers, from Research Institutes and University environments to the private sector. These organizations typically extend network access privileges to large numbers of staff who use a variety of mobile devices remotely. Industry’s vulnerability to breaches through lost or stolen devices or malicious access activity is greatly increased.
Collaboration is the way we do business. Sharing information is crucial to our progress, yet presents one of the most common attack vectors. A further challenge to the industry has been the resistance of users to adopt security measures for concerns of impeding rapid access to information at critical times. Protecting the privacy of patients, the intellectual property and validating the accuracy of the data is becoming more challenging.
Given new security and privacy laws and closer enforcement of regulatory mandates, accompanied with greater non-compliance penalties, Boards and Executive committees are placing greater urgency on their data protection.
By following these best practices, paying attention to the latest threat intelligence to the industry, and investing in the latest security technologies and partnering with a proven industry managed security services partners, our industry can go a long way towards protecting their critical information assets.
If the previous year has been any indication, our sector is vulnerable to greater attacks. The increased connectivity of devices together with greater digitized data / records puts organizations at greater risk.
We also need to ask more questions of the cloud service providers: “Are your services secure? Is your backup adequate? What do you do to mitigate the risks?”
It is a common misconception that cloud providers are responsible for protecting your privacy and intellectual property. In fact, the opposite is true. Regardless of whether you are using legacy (on-prem) or cloud services, your organization is responsible for the information that’s being created, stored, accessed and distributed. Can your cloud provider furnish you with a SOC report?
The good news is that our industry is more aware of these escalating threats. Board and Executive members have agenda action items to understand the threat vectors and what may be done about it. Many organizations have the opportunity to implement appropriate security solutions more affordably than what may have been hoped for in the past.
By asking some basic questions, an appropriate remediation plan can be considered, such as:
“What’s going on in our network now; How can we gain full visibility; How do we best position our ‘cloud’ or ‘on premises’ set-up to protect and scale our organization whilst being compliant to regulatory mandates…”
Cyber threats are virtually (pardon the pun) impossible to prevent. But you can put yourselves in a position where your organization can detect, prevent, analyze, and respond to attacks fast enough to prevent the most serious of breaches.
By following best practices, investing in the latest tools, and by partnering with a proven industry managed IT and IT Security services partner; our industry can go a long way toward protecting their critical information assets.
For any further information, help, or questions, click here or call Exigence on 03 9568-5437.