Cybersecurity in Distributed Clinical Trials

By Keith Parent, Founder and CEO, Court Square Group

I recently attended a conference of clinical operations professionals. I truly appreciate going to conferences such at this because I get to meet with senior level executives from a broad spectrum of life science companies. The conference included attendees from very large pharma companies to small and medium size biotechs. Hearing about the issues these companies need to address relating to setting up new clinical studies, working with CROs and coordinating distributed clinical sites across the country helps me better understand their day-to-day challenges. Typically, these challenges relate to patient centricity, clinical supply chain woes or regulatory delays.

This morning while attending a panel on Distributed Clinical Trials During the Covid Pandemic, a topic came up that I don’t usually hear about. The moderator discussed the concept of Cybersecurity. The reason Cybersecurity is again a hot topic is the new paradigm for clinical trials. The current trend of decentralized and distributed trials means clinical data is coming from multiple sources.

In actuality we’ve been dealing with this for a long time. However, sponsors have not been thinking about the number of transfer and integration points their data passes through along the path of a clinical trial. Executives at these firms tend to take it for granted that their data and all the integration points are secure. As a service provider for numerous clinical applications the security of clinical data is front and center in every aspect of Court Square Group’s operations.

In general, large pharma companies and large CROs have well established technology support groups and their cybersecurity and security practices are well established. However, the story is very different at start-ups and early-stage companies because they do not have the same luxury of robust in-house IT department. In early-stage companies their attention and resources are focused on completing their trials or submitting their INDs or NDAs. These organizations utilize some of the public networks, sharing sites or email without having considered the regulatory and security ramifications of their actions.

The news is filled with stories about malware and ransom attacks. Any single endpoint can expose a breach in your security. Do those smaller sponsors really know if the clinical sites they work with have vigorous security? These are all areas where we need to start taking more notice. In the past the larger companies would send out authorized laptops or hand-held devices so that they could have more control over where the data was collected. As technology has evolved to more web-based applications and other methods of gathering data, the issues of BYOD (Bring Your Own Device) are adding significant complications – on top of all the other clinical issues sponsors normally need to be concerned with.

Since your clinical data is your intellectual property (IP) it’s important to ensure that your vendors are taking the security of your data seriously and are following the proper procedures when you transfer data between external partners.

If you are conducting distributed clinical trials and you are concerned about the security of your data and intellectual property, talk to Court Square Group.