Healthcare Hacking & Data Security - Why Brands Should be Concerned

Since its beginning, the pharmaceutical industry has relied on personal data for multiple activities. Today, patient and product data are integral to nearly all operations of drug makers – including clinical research, manufacturing, and patient and healthcare provider outreach. Now more patient data than ever before is in digital format, providing a fertile environment for hacking.

An Industry Still Vulnerable

As digital communication has evolved, pharma and other healthcare companies have endured data vulnerability issues. For example, Merck was publicly scrutinized and criticized after its database was successfully hacked in June 2017. Entities such as Quest Diagnostics and University of Washington Medicine have felt the pain. Even the purportedly impenetrable Healthcare.gov site found its records compromised in 2018.

Pharma brands have had their eyes open to threats posed by digital vulnerabilities, potential mishandling of patient information, IP theft, and other hazards for years. The world’s biggest pharma companies have tightened up their data practices, and EHR providers, hospital systems, and insurers have similarly buttoned up their data management policies.

But many smaller players have not followed suit, leaving a hole in healthcare data protection. A big issue is that some companies do not understand the state of their data management. In some cases, brands pass the responsibility for ensuring data security to third-party partners such as digital app makers that may have less at stake than their healthcare partners. Often, a lack of data security focus leaves patient data – and a brand’s reputation – vulnerable.

On top of that, issues such as malware, bot attacks, and other digital schemes have added to the anxiety pharma and other healthcare brands face.

Trust in Data Security is a Big Issue

Healthcare consumers want to trust their providers. A 2017 study from Accenture revealed that 88 percent of consumers trust healthcare providers (HCP) to keep digital healthcare data secure. Unfortunately, that trust is not currently extended to pharmaceutical brands.

Drug makers continue to suffer with an industry-wide unfavorable reputation based primarily on their business practices. With the addition of cyber vulnerabilities that can lead to distrust in the marketplace, pharma companies are faced with a daunting task to resurrect the industry.  

Issues for Pharma Brands

Brands are vulnerable to myriad digital threats and cyberattacks can come from several directions. They are not always aimed at accessing patient healthcare information. In some cases, a pharma brand may become victim to corporate espionage.

Among the persistent threats still faced by pharma and other healthcare brands are:

1. Account takeover. Social media and email accounts are hijacked by hackers who use them to harm a brand’s reputation.
2. Ransomware. Web links, often delivered via email, threaten to encrypt files if a ransom is not paid.
3. Bot attacks. Thousands of bots attack a brand’s reputation, creating misinformation at massive scale until paid to stop.
4. Outside threats. An HCP accidentally clicks a malicious link while using a device connected to a brand’s internal networks, providing access to hackers.
5. Property theft. Stolen laptops or other devices that are not properly secured can be hacked for sensitive company data.
6. Spyware. An accidental download of spyware through a third-party program used by an employee.
7. Poor data management policies. Hackers access a brand’s intranet through a former employee’s login credentials.
8. Mobile communications. Unsecured mobile devices, especially for BYOD companies, are targeted via downloads that open the door to malicious activity.

The good news is that there are steps pharma brands can take to secure data and protect sensitive company information. In a future post we will discuss some of the ways to defend against these threats.

Stay informed with our Elsevier blog and market intelligence.

Article Written by: Alex Brown