Fast, flexible and proven, IQVIA’s industry-leading electronic clinical outcome assessment (eCOA) platform ramps up efficiencies, delivers real-time data, and sharpens insights through best-in-class technology and a better patient experience.
The healthcare industry is leading the fight against COVID-19. Pharma companies, academic institutions, and public healthcare agencies have joined forces to develop safe and effective treatments as quickly as possible. But those efforts are facing yet another challenge – the increasing threat of cyber and ransomware attacks.
In September, eResearch Technology (ERT) suffered a malicious ransomware attack that locked staffers out of clinical trial data, some of which is being gathered for COVID-19 vaccine trials. Fortunately, no patient safety was put at risk, but the attack forced the company to take their system offline for roughly two weeks, which meant researchers had to temporarily track patients via back-up modalities, including, pen and paper documents. This impacted the data collection process and potentially delayed progress on vital research. And this is just one recent example.
Cybersecurity attacks on healthcare institutions and pharma companies have become alarmingly common in recent years, and the pandemic has only heightened the risk. Through this pandemic, cyber-attackers have been more inclined to take advantage of the “new normal” and the trend towards more virtual settings and exploit cyber-attack vulnerabilities across organizations.
Early in 2020, FBI cybersecurity experts reported an increase in COVID-19-related phishing scams and efforts to exploit weak passwords and unprotected virtual private networks. In July, the agency issued a warning that ransomware attacks were occurring against health agencies, private companies, and governments during the pandemic as criminals attempted to profit from holding critical patient data hostage.
This trend forces sponsors and sites to act more diligently in assessing the cybersecurity methods used by their own organizations and partners, particularly as remote monitoring and digital data collection tools are added into the clinical research workflow.
While these attacks will always be a risk, there are industry best practices that can help mitigate risks, giving sponsors, sites, and patients greater peace of mind. As a leading global provider of data and technology solutions to the life sciences industry, IQVIA’s security experts apply industry best practice data security strategies across our infrastructure and technology products. They are continually looking for ways to increase and uphold data security without compromising the user experience.
The scope of reach includes the IQVIA electronic Clinical Outcomes Assessment (eCOA) platform, which captures outcomes data directly from trial participants giving stakeholders almost instantaneous access to study insights and trends.
Implementing MFA
Capturing data directly from mobile devices in the hands of study participants creates new points of risk. To mitigate this risk on IQVIA’s eCOA platform, when patients complete diary entries or capture datapoints via the IQVIA Scribe mobile application, the application encrypts data at rest and sends the data away from the device in near real-time, storing it in a secure cloud-based data center. That dataset is protected by industry-leading technologies, remote data backup and a multi-factor authentication (MFA) process.
MFA is a security method that requires users to provide an additional authentication factor, such as an original texted code, before gaining access to a database or any other digital environment. It is considered an industry best practice to decrease the likelihood of a successful cyber-attack as it incorporates the three tenants of access management being “something you are” (unique user identity like a fingerprint), “something you know” (password known only by you) and “something you have” (rotating or one-time passcode).
Role-based access rules
To further protect data in eCOA possession, IQVIA hosts the data for every study in a separate digital environment that has varying scopes and specific role-based access options. Each user is only able to gain access to data that aligns with their organizational and/or study-specific role. For example, sponsors have the authority to access all study data across trial sites (study level role), while each site can only access their individual site data as controlled by the role and site assignment (site level role).
This limits the number of people who can interact with the data, minimizing the risk of losses due to human error, such as clicking on a phishing scam or using a weak password. And if there is an attack, losses are limited to isolated data sets.
Immutable data streams
Immutable events are data events with properties that cannot be modified, added or deleted. To prevent the loss of data in the event of a disaster, IQVIA’s eCOA platform employs an immutable data stream. This means that every piece of data is treated as an immutable object that cannot be modified or deleted. These immutable data sets are frequently backed up, which means if a database is lost or destroyed, it can be entirely rebuilt in potentially a matter of hours, ensuring client projects can continue seamlessly even in the event of an attack or other major event.
Secure cloud providers
All data captured via IQVIA eCOA is stored in cloud-based data centers that follow rigorous digital and physical security protocols. These include the latest encryption techniques, controlled access to data centers, and constant monitoring to ensure data security. Cloud providers also back-up all data to secondary locations, which reduces the potential risk of data center attacks or natural disasters that could impact a local site’s operations.
Data is one of the most critical resources in clinical research, so investing in leading-edge security must be a baseline requirement for successful solutions. If sponsors want the assurance that their data will be protected, they need to be sure their partners adhere to security protocols that are as rigorous and state-of-the-art as the rest of their offerings. Otherwise, sponsors may be more likely to put their research and patient data security at risk.
The good news is we are here to help. Reach out to us directly at ecoa@iqvia.com to speak to an expert today.
Fast, flexible and proven, IQVIA’s industry-leading electronic clinical outcome assessment (eCOA) platform ramps up efficiencies, delivers real-time data, and sharpens insights through best-in-class technology and a better patient experience.
Explore our Frequently Asked Questions (FAQ) page to learn more about general industry eCOA topics and also specific details about our IQVIA eCOA solution.
In these short demo videos, learn more about some of the key capabilities within the IQVIA eCOA platform including how to easily create an assessment, utilize the AI design tool, access automated screenshots and documentation, export/import translations, and view study data and reports.
Technology informed by unparalleled Decentralized Trials (DCT) operational experience and delivered at global scale.
Ease the burden on your sites and make it easier and more appealing for patients to enroll and remain engaged.
Combine data science, technology, and analytics driven by artificial intelligence to support new efficiencies and business insights -- without additional capital investment.