Security Breaches Target CROs: R&D Leaders Need more Visibility...

Security Breaches Target CROs: R&D Leaders Need more Visibility into Outsourced Research

By David Iorns, Chief Architect, Science Exchange And Nolan McDonnell, Vice President, Head of Product, Science Exchange

David Iorns, Chief Architect, Science Exchange

Recently, security breaches have been reported at several contract research and diagnostic testing organizations. To mitigate risk and ensure regulatory compliance, pharma and biotech sponsors must shift to a multipronged approach to cyber security. Given the large investment in digital health and digital innovation, stakeholders from sponsors, CROs, and investigators must collaborate to secure the vast quantities of data produced by drug discovery and development programs.

Not only the R&D organizations should maintain their own IT infrastructure, but they must ensure that their outsourced R&D service providers demonstrate a commitment to data security. This responsibility has traditionally been held by a company’s IT leaders, and now must be shared by scientific leadership, operations, legal and finance teams.

Five factors drive the shift to shared responsibility for mitigating risk:

● Distributed R&D. R&D studies are carried out across geographies, across multiple providers, and by subcontractors.

Large shared data sets. Data can be stored, processed, and transmitted via multiple cloud-based platforms.

Heightened public awareness. Companies are required to make public data disclosure events; however, there is increased awareness of other types of cyberattacks, such as ransomware, phishing, and intellectual property theft.

High dollar amounts of losses caused by unusually sophisticated and destructive cyberattacks. The Not Petya attack of 2018, affecting at least one large pharma company, cost businesses over $10 billion.

Nolan McDonnell, Vice President, Head of Product, Science Exchange

Increased oversight. The United States legislature now requires that companies who have undergone data breaches disclose which third-party providers they use and what security measures are in place. As of May 2019, 91 companies have been fined for noncompliance with Europe’s GDPR data privacy regulation, which took effect in May 2018.

Barriers of visibility into outsourced R&D

Stakeholders agree that more visibility is needed. However, managing external R&D projects have traditionally lacked clear audit trails, a centralized location for information, and integration with organizations’ internal systems.

In one survey of R&D leaders, 78 percent of respondents felt at least somewhat challenged to confirm a provider’s commitment to data security and privacy. Besides, 79 percent surveyed said they were concerned about protecting IP when working with external R&D providers.

Technology platforms mitigate risk

Given that outsourced spend accounts for a rapidly growing share of R&D budgets, most major pharma’s and bio techs of all sizes now use R&D services marketplaces, recognizing that failing to do so would put them at a competitive disadvantage. Marketplace platforms help organizations assess provider quality, maintain audit trails, centralize data storage, and ensure security and privacy compliance.

With several online R&D marketplaces now supporting various aspects of life science research, drug discovery and development companies have a path forward to conduct networked R&D, with transparency and security, at scale.

Read Also

Update on the European Pharma Distribution

Update on the European Pharma Distribution

Marc Evrard, Logistics Validation Manager, Vifor Pharma [SWX: VIFN]
Reimagining Clinical Trials

Reimagining Clinical Trials

Mohammed Ali, Global Head Digital Trials, Global Clinical Operations, Boehringer Ingelheim
Power of Digitized Health Data

Power of Digitized Health Data

William Paiva, Executive Director, Oklahoma State University's Center for Health Systems
Driving a Context-Aware Clinical Desktop Experience

Driving a Context-Aware Clinical Desktop Experience

Rebecca Kaul, Chief Innovation Officer, University of Pittsburgh Medical Center (UPMC)

Weekly Brief