Defending data security in the time of COVID
Pandemic-related ransomware attacks are on the rise. Here's how to keep your eCOA trial data safe.
Michael Radford, Head of eCOA Technologies Customer Experience
Nov 12, 2020

The healthcare industry is leading the fight against COVID-19. Pharma companies, academic institutions, and public healthcare agencies have joined forces to develop safe and effective treatments as quickly as possible. But those efforts are facing yet another challenge – the increasing threat of cyber and ransomware attacks.

In September, eResearch Technology (ERT) suffered a ransomware attack that locked staffers out of clinical trial data, some of which is being gathered for COVID-19 vaccine trials. Fortunately, patient safety was not put at risk, but the attack forced the company to take its system offline for roughly two weeks, which meant researchers had to temporarily track patients via back-up modalities, including pen-and-paper documents. This impacted the data collection process and potentially delayed progress on vital research. And this is just one recent example.

Cybersecurity attacks on healthcare institutions and pharma companies have become alarmingly common in recent years, and the pandemic has only heightened the risk. Throughout the pandemic, attackers have been more inclined to take advantage of the “new normal” and the trend towards more virtual settings, and to exploit vulnerabilities across organizations.

Early in 2020, FBI cybersecurity experts reported an increase in COVID-19-related phishing scams and efforts to exploit weak passwords and unprotected virtual private networks. In July, the agency issued a warning that ransomware attacks were occurring against health agencies, private companies, and governments during the pandemic as criminals attempted to profit from holding critical patient data hostage.

This trend forces sponsors and sites to act more diligently in assessing the cybersecurity methods used by their own organizations and partners, particularly as remote monitoring and digital data collection tools are added into the clinical research workflow.

How IQVIA keeps your data safe

While these attacks will always be a risk, there are industry best practices that can help mitigate risks, giving sponsors, sites, and patients greater peace of mind. As a leading global provider of data and technology solutions to the life sciences industry, IQVIA’s security experts apply industry best practice data security strategies across our infrastructure and technology products. They are continually looking for ways to increase and uphold data security without compromising the user experience.

That scope includes the IQVIA electronic Clinical Outcomes Assessment (eCOA) platform, which captures outcomes data directly from trial participants, giving stakeholders almost instantaneous access to study insights and trends.

Implementing MFA
Capturing data directly from mobile devices in the hands of study participants creates new points of risk. To mitigate this risk on IQVIA’s eCOA platform, when patients complete diary entries or capture datapoints via the IQVIA Scribe mobile application, the application encrypts data at rest and sends the data away from the device in near real-time, storing it in a secure cloud-based data center. That dataset is protected by industry-leading technologies, remote data backup and a multi-factor authentication (MFA) process.

MFA is a security method that requires users to provide an additional authentication factor, such as a unique code sent by text message, before gaining access to a database or any other digital environment. It is considered an industry best practice for decreasing the likelihood of a successful cyber-attack, as it incorporates the three tenets of access management: “something you are” (unique user identity like a fingerprint), “something you know” (password known only by you) and “something you have” (rotating or one-time passcode).

Role-based access rules
To further protect data held in eCOA, IQVIA hosts the data for every study in a separate digital environment that has varying scopes and specific role-based access options. Each user is only able to gain access to data that aligns with their organizational and/or study-specific role. For example, sponsors have the authority to access all study data across trial sites (study level role), while each site can only access its individual site data as controlled by the role and site assignment (site level role).

This limits the number of people who can interact with the data, minimizing the risk of losses due to human error, such as clicking on a phishing scam or using a weak password. And if there is an attack, losses are limited to isolated data sets.
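
The study-level and site-level scoping described above can be sketched as a deny-by-default check. This is an added example, not IQVIA's code; the study, site and user names and the `Grant`, `can_read` and `exposure` helpers are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Grant:
    """One role assignment; site=None means a study-level role."""
    user: str
    study: str
    site: Optional[str] = None

@dataclass(frozen=True)
class Record:
    study: str
    site: str
    participant: str

# Constructed sample data: two studies, with SITE-7 taking part in both.
GRANTS = [
    Grant("sponsor_a", "STUDY-1"),               # study level: every site in STUDY-1
    Grant("site_coord_7", "STUDY-1", "SITE-7"),  # site level: SITE-7 in STUDY-1 only
]
RECORDS = [
    Record("STUDY-1", "SITE-7", "P001"),
    Record("STUDY-1", "SITE-9", "P002"),
    Record("STUDY-2", "SITE-7", "P003"),
]

def can_read(user, rec, grants=GRANTS):
    """Deny by default; allow only if a grant covers the record's study and site."""
    for g in grants:
        if g.user != user or g.study != rec.study:
            continue  # a grant never reaches across study environments
        if g.site is None or g.site == rec.site:
            return True
    return False

def exposure(user, records=RECORDS, grants=GRANTS):
    """Participants whose data is reachable with this account's credentials,
    i.e. the most that is lost if the account is phished."""
    return [r.participant for r in records if can_read(user, r, grants)]

if __name__ == "__main__":
    for u in ("sponsor_a", "site_coord_7", "unknown_user"):
        print(u, exposure(u))
```

Note that the site coordinator cannot read P003 even though it was collected at the same site, because the grant is bound to one study.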

Immutable data streams
Immutable events are data events with properties that cannot be modified, added or deleted. To prevent the loss of data in the event of a disaster, IQVIA’s eCOA platform employs an immutable data stream. This means that every piece of data is treated as an immutable object that cannot be modified or deleted. These immutable data sets are frequently backed up, which means that if a database is lost or destroyed, it can potentially be rebuilt in its entirety in a matter of hours, ensuring client projects can continue seamlessly even in the event of an attack or other major event.
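
An append-only stream of this kind, and the rebuild-by-replay it enables, can be sketched as follows. This is an added example, not IQVIA's implementation; the event fields and function names are hypothetical, and the hash chain is an assumption added here so that a restored backup can be checked for tampering before it is replayed.

```python
import hashlib
import json
from dataclasses import dataclass
from types import MappingProxyType

GENESIS = "0" * 64  # prev_hash of the first event

@dataclass(frozen=True)
class Event:
    seq: int
    payload: MappingProxyType  # read-only view of one captured data point
    prev_hash: str
    digest: str

def event_digest(seq, payload, prev_hash):
    body = json.dumps({"seq": seq, "payload": dict(payload), "prev": prev_hash},
                      sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def append(log, payload):
    """Return a new log with one more event; earlier events are never rewritten."""
    prev = log[-1].digest if log else GENESIS
    frozen = MappingProxyType(dict(payload))
    return log + (Event(len(log), frozen, prev, event_digest(len(log), frozen, prev)),)

def verify(log):
    """True if every event still matches its digest and links to its predecessor."""
    prev = GENESIS
    for i, ev in enumerate(log):
        if (ev.seq, ev.prev_hash) != (i, prev) or ev.digest != event_digest(i, ev.payload, prev):
            return False
        prev = ev.digest
    return True

def rebuild(log):
    """Replay a verified backup into the current value of each diary item."""
    if not verify(log):
        raise ValueError("backup failed integrity check")
    state = {}
    for ev in log:  # a correction is a later event, so the last write wins
        state[(ev.payload["participant"], ev.payload["item"])] = ev.payload["value"]
    return state

# Constructed sample stream: two entries, then a correction to the first.
LOG = ()
for p in [{"participant": "P001", "item": "pain_score", "value": 4},
          {"participant": "P002", "item": "pain_score", "value": 7},
          {"participant": "P001", "item": "pain_score", "value": 5}]:
    LOG = append(LOG, p)
```

The original value 4 stays in the stream after the correction, so the audit trail survives the rebuild. A chain like this does not reveal truncation at the tail unless the latest digest is also kept somewhere else.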

Secure cloud providers
All data captured via IQVIA eCOA is stored in cloud-based data centers that follow rigorous digital and physical security protocols. These include the latest encryption techniques, controlled access to data centers, and constant monitoring to ensure data security. Cloud providers also back up all data to secondary locations, which reduces the potential risk of data center attacks or natural disasters that could impact a local site’s operations.

Data is one of the most critical resources in clinical research, so investing in leading-edge security must be a baseline requirement for successful solutions. If sponsors want the assurance that their data will be protected, they need to be sure their partners adhere to security protocols that are as rigorous and state-of-the-art as the rest of their offerings. Otherwise, sponsors may be more likely to put their research and patient data security at risk.

The good news is we are here to help. Reach out to us directly at ecoa@iqvia.com to speak to an expert today.
