The life sciences industry can be divided into three main categories: research and development, manufacturing supply chain and the commercial model. Some organizations will focus on one category, while others will focus on all three.
Across the industry and all these categories, organizations are adopting digital, artificial intelligence (AI) and data-driven tools to improve drug testing, delivery, treatment and patient care.
In research and development, for example, there is a significant focus on genetic data trading, microbots, the use of real-world data for clinical trials and AI for big data discovery and the identification of new antibiotics to treat different diseases.
In the manufacturing supply chain, the focus in on Industry 5.0 – where humans and AI-powered robots will work side by side – and continuous manufacturing, while in the commercial setting, organizations are prioritizing the deployment of wearable tech devices to monitor patients’ health remotely.
Each life sciences category is unique, with different vulnerabilities and varied cybersecurity threats.
The cybersecurity vulnerabilities and solutions
“Since the COVID-19 pandemic, the life sciences and pharmaceutical organizations have seen an increase in cybersecurity threats,” said Prabhat Kumar, senior director and seasoned global cybersecurity leader at HCLTech, during an HCLTech Trends and Insights podcast.
Two key trends are causing this spike in cyber-attacks against the industry, according to Kumar. “The rapid adoption of public cloud and the vast amount of customer data, especially from wearable tech devices, are causing a particular challenge,” he says.
The growth of IoT wearable devices in patients’ homes is leading to a more complex connected environment and increased attack surface area for life sciences and healthcare institutions to defend. This increases the risks of a cybersecurity incident.
To mitigate these threats, organizations need to embrace a holistic approach to cybersecurity, which includes data privacy, data ethics, identity and access management (IAM) and zero-trust frameworks. In addition, security automation is a very important area, especially considering the reach of data, which is often beyond the boundaries or border of an organization. For example, pharmaceuticals will often turn to hospitals to carry out clinical trials.
“Crucially, organizations in life sciences need to become more resilient and focus on cyber resilience. If an organization is hit by a ransomware attack, it’s not about how soon you can make that data available, but how securely you can bring the right data back with the right integrity,” said Kumar.
He added: “As the boundaries and connected environments of these organizations expands with the proliferation of self-delivering medicines, remote health devices and implanted security chips, the need to monitor, manage and know all devices in the network and understand if there are any security flaws in the devices is of paramount importance.”
The rise of remote health
Despite the increased complexity and vulnerability, remote healthcare is on the rise. By 2024, according to Business Insider, remote patient monitoring services and tools are expected to reach 30 million US patients. The global remote healthcare market size is expected to reach $23.9 billion by 2028, up from $6.1 billion in 2020, according to Grand View Research.
“The threat of being able to manipulate someone’s medical devices and assign the wrong dosage of medicine is now very real,” warned Kumar.
Health data theft and manipulation is an increasing challenge and requires organizations to deploy IAM and digital rights management to enable visibility and the right permissions or access across the entire management of the user lifecycle.
Increasingly, this access is being facilitated by biometrics data. Biometrics information is stored locally on a users’ device and is used to authenticate that person through multiple mechanisms, which is also creating a more seamless user experience – a key part of any cybersecurity strategy.
In addition, Kumar highlighted data governance and privacy as essential tools in protecting the remote health environment. “This is the fundamental for any organization, which is deploying new devices and collecting end user or consumer data. A sound data governance and privacy management system goes beyond notification processes and requires a proper privacy risk assessment across the data being collected,” he said.
Extending biopharmaceutical security to enhance remote working
HCLTech has several Fortune 10 and 50 life sciences clients. Cybersecurity solutions and services are deployed in some of these organizations right across the value chain, from testing and prevention to response and recovery. On top of this, HCLTech incorporates security and privacy across the data lifecycle.
For one client, a large pharma organization based in Switzerland, HCLTech helped them realize their business strategy by securing their entire organization from end-to-end.
To achieve and adapt to its remote working ambitions, the pharma wanted to expand its security capabilities, with a cost-effective solution that enhanced employees’ experience through increased work visibility.
The digital experience monitoring (DEM) solution improved employee productivity, increased the net promoter score (NPS) by 18 points, unified and enhanced operational insights and enabled IT teams to troubleshoot and quickly resolve end-user IT issues.
“In this use case, we are not just a security supplier. We are helping the client secure their entire security operations, from IAM, privileged access management, security orchestration, infrastructure and cloud security all the way through to data privacy and application and IoT security,” added Kumar.