3 Game-changing Cybersecurity Practices Pharmaceuticals Should Take into Consideration

September 29, 2020

Contributed Commentary by Roberto R. Garcia  

September 29, 2020 | Pharmaceutical breakthroughs and medical research comprise an immeasurably important chunk of the global healthcare industry, warranting an equally robust cybersecurity infrastructure. Email communications, attachments, and other forms of cross-network data exchange produce an exponentially growing amount of information, much of which is personal or sensitive. The healthcare industry is no stranger to the devices of cybercriminals who target hospitals, clinics, research institutions, and pharmaceutical companies in search of highly expensive personal health information to be sold on the darknet.

Between 2018 and 2019, 510 healthcare data breaches of 500 or more records were reported, representing a 196% increase in such attacks. Pharmaceuticals and healthcare providers have invested at least $10 million annually to combat such attacks, finding only limited success. With digital transformation taking healthcare by storm with the likes of telemedicine due to COVID-19, managing data flows in a highly secure, seamless manner is an absolute necessity. Data management efficiency, file transfer integration, and automating financial accounting data are three key components of ensuring a competitive security posture.

Data Management Efficiency

Due to the complex business structures that make up the pharmaceutical industry, relying on a single, efficient communication platform can more effectively resolve potential security complications without draining valuable time and energy across a wide array of incoherent platforms. The healthcare industry can at times lag behind technologically, relying on outdated legacy systems that still get the job done, but at a much higher cost. Easy to use file sharing tech, such as Google Drive or Dropbox, could seemingly ease communication strains across disparate departments or subsidiaries, but sorely lack in adequate threat protections or authentication processes to protect data exchange. By crystallizing both communication processes and automated security policies into a single, cross-network platform, there is no longer a need to rely on difficult-to-manage legacy systems. Effective managed file transfer can greatly increase threat visibility by simplifying the IT processes that would detect suspicious activity, acting as an automated traffic cop on the information highway. This greatly reduces the burden placed on IT personnel who no longer have to become experts in multiple software systems or communication platforms.

File Transfer Integration

Once internal operational efficiency is established, ensuring that file transfer integration can be accomplished for business-critical applications and third-party applications becomes essential. Pharmaceutical companies are either large in and of themselves or owned by a larger parent company—not to mention the various associations with medical institutions throughout the healthcare sector. Organization is an essential piece of successful communication between partners and vendors, with daily file transfers typically exceeding 3,000 for a leading pharma company. As part of a singular, secure data exchange platform, creating a centralized standard file archive can greatly reduce miscommunication between partners and properly scan any outside data exchange for malware or other potential cyberattacks. A well-executed file retention policy can also mitigate risks associated with handling both internal and external data, avoiding the cost of non-compliance in addition to maintaining a trustworthy reputation.

Automating Financial Accounting Data

Automating all financial records can greatly save time, improve security, and increase the accuracy of an organization’s economic outlook. For the pharmaceutical industry, this is non-negotiable, as the U.S. market alone represents a share of at least $446 billion. Payment fraud is a legitimate risk, which can easily be missed by overwhelmed IT professionals managing a plethora of accounting platforms and general security concerns. This is where an automated financial policy can truly shine, eliminating any need for human intervention or coding within file transfer workflows. An example of a cohesive policy could include a poll every 30 seconds, automatically picking up a file and transforming it from an xml to plaintext, and then returning a notification of receipt within two minutes to emulate the process within other potential company branches, retail chains, third-party vendors, or healthcare providers.

Data management efficiency, paired with easy file transfer integration and automated financial policies can effectively combat the overwhelming amount of cybersecurity threats continually faced by the healthcare industry. Digital transformation is no longer an optional or secondary component of a truly competitive pharmaceutical company, especially in the age of COVID-19. Patients, partners, and vendors all expect convenient, easy, and secure communication from the companies and institutions they interact with. As pharma continues to play a critical role in the healthcare sector, finding the balance between good security policy and hi-tech convenience will be a difficult, yet unavoidable feat. 

Roberto R. Garcia has more than 20 years of experience in defining, architecting, managing, and implementing a broad range of information systems and applications, focusing on computer security and IT compliance.  As Globalscape’s VP of Product Strategy and Engineering, Garcia is responsible for strategic and tactical product planning and the entire product life cycle for Globalscape products. He can be reached at rgarcia@globalscape.com.