Regulatory Open Forum

From identity theft and fraud, to corporate hacking attacks, cybersecurity has never been more important for businesses, organizations and governments. Cybersecurity is a huge global concern - not just for manufacturers of healthcare and related products. The Food and Drug Administration (FDA) held a public meeting in January 2016 to discuss the threat and ramification of cybersecurity related issues. What are your main concerns when it comes to the regulatory industry and cybersecurity on a global scale?

From identity theft and fraud, to corporate hacking attacks, cybersecurity has never been more important for businesses, organizations and governments. Cybersecurity is a huge global concern - not just for manufacturers of healthcare and related products. The Food and Drug Administration (FDA) held a public meeting in January 2016 to discuss the threat and ramification of cybersecurity related issues. What are your main concerns when it comes to the regulatory industry and cybersecurity on a global scale?

Hi, Elijah -

I completely agree that as we come into the digital age, this is an important topic for our industry.  Overall, pharma faces many of the same challenges as other industries, and most large companies have effective groups planning for this threat.

My personal concerns break down into the following, focusing on the unique risks of pharma:

1) Malicious intent

• Medical devices with a software component – hacking could result in ineffective or dangerous devices
• Automated equipment – hacking of automated manufacturing equipment could jeopardize manufacturing, resulting in lost revenue and potentially drug shortages.
• Destruction of records – already addressed by most companies as part of disaster planning, but hacking adds an additional level of risk, and regulated industry has a higher volume of required records.

2) Information theft

• Patient personal information – just like any other industry with access to personal information, it is essential that pharma protects this data against theft or misuse.
• Proprietary business or manufacturing information - this is the same risk that all businesses with proprietary information face.

3) Counterfeiting/product theft

• Labeling – access to electronic copies of labeling, serialization mechanisms, and/or hidden security measures would make products easier to counterfeit.
• Expiry or other lot information – Altering or erasing information on expired or sub-quality lots could enable counterfeiters to pass these off as saleable units
• Shipment/storage information – Acquiring information on shipment and storage plans could make theft easier to occur or more difficult to detect.

I'll be interested to see what additional concerns others have...

Best,

Cathy

Hi, Elijah -

I completely agree that as we come into the digital age, this is an important topic for our industry.  Overall, pharma faces many of the same challenges as other industries, and most large companies have effective groups planning for this threat.

My personal concerns break down into the following, focusing on the unique risks of pharma:

1) Malicious intent

• Medical devices with a software component – hacking could result in ineffective or dangerous devices
• Automated equipment – hacking of automated manufacturing equipment could jeopardize manufacturing, resulting in lost revenue and potentially drug shortages.
• Destruction of records – already addressed by most companies as part of disaster planning, but hacking adds an additional level of risk, and regulated industry has a higher volume of required records.

2) Information theft

• Patient personal information – just like any other industry with access to personal information, it is essential that pharma protects this data against theft or misuse.
• Proprietary business or manufacturing information - this is the same risk that all businesses with proprietary information face.

3) Counterfeiting/product theft

• Labeling – access to electronic copies of labeling, serialization mechanisms, and/or hidden security measures would make products easier to counterfeit.
• Expiry or other lot information – Altering or erasing information on expired or sub-quality lots could enable counterfeiters to pass these off as saleable units
• Shipment/storage information – Acquiring information on shipment and storage plans could make theft easier to occur or more difficult to detect.

I'll be interested to see what additional concerns others have...

Best,

Cathy

From identity theft and fraud, to corporate hacking attacks, cybersecurity has never been more important for businesses, organizations and governments. Cybersecurity is a huge global concern - not just for manufacturers of healthcare and related products. The Food and Drug Administration (FDA) held a public meeting in January 2016 to discuss the threat and ramification of cybersecurity related issues. What are your main concerns when it comes to the regulatory industry and cybersecurity on a global scale?

I think Catherine put together a really good list. I'd add a couple of other considerations.

- DOS attacks - for telemedicine and other devices with remote monitoring, a DOS could lead to important risks without actually targeting the device. If significant parts of the internet are slowed or offline, there will be impacts.

- the time to get approvals for some types of devices & drugs when making cyber-security updates. FDA is aware of this, and in fact appears to be proposing a reasonable approach in the recent Draft Guidance on when to File a 510(k) for software changes. However, this does not yet help with PMA devices, drug production lines etc.

g-

Hi, Elijah -

I completely agree that as we come into the digital age, this is an important topic for our industry.  Overall, pharma faces many of the same challenges as other industries, and most large companies have effective groups planning for this threat.

My personal concerns break down into the following, focusing on the unique risks of pharma:

1) Malicious intent

• Medical devices with a software component – hacking could result in ineffective or dangerous devices
• Automated equipment – hacking of automated manufacturing equipment could jeopardize manufacturing, resulting in lost revenue and potentially drug shortages.
• Destruction of records – already addressed by most companies as part of disaster planning, but hacking adds an additional level of risk, and regulated industry has a higher volume of required records.

2) Information theft

• Patient personal information – just like any other industry with access to personal information, it is essential that pharma protects this data against theft or misuse.
• Proprietary business or manufacturing information - this is the same risk that all businesses with proprietary information face.

3) Counterfeiting/product theft

• Labeling – access to electronic copies of labeling, serialization mechanisms, and/or hidden security measures would make products easier to counterfeit.
• Expiry or other lot information – Altering or erasing information on expired or sub-quality lots could enable counterfeiters to pass these off as saleable units
• Shipment/storage information – Acquiring information on shipment and storage plans could make theft easier to occur or more difficult to detect.

I'll be interested to see what additional concerns others have...

Best,

Cathy

From identity theft and fraud, to corporate hacking attacks, cybersecurity has never been more important for businesses, organizations and governments. Cybersecurity is a huge global concern - not just for manufacturers of healthcare and related products. The Food and Drug Administration (FDA) held a public meeting in January 2016 to discuss the threat and ramification of cybersecurity related issues. What are your main concerns when it comes to the regulatory industry and cybersecurity on a global scale?

I think Catherine put together a really good list. I'd add a couple of other considerations.

- DOS attacks - for telemedicine and other devices with remote monitoring, a DOS could lead to important risks without actually targeting the device. If significant parts of the internet are slowed or offline, there will be impacts.

- the time to get approvals for some types of devices & drugs when making cyber-security updates. FDA is aware of this, and in fact appears to be proposing a reasonable approach in the recent Draft Guidance on when to File a 510(k) for software changes. However, this does not yet help with PMA devices, drug production lines etc.

g-

From identity theft and fraud, to corporate hacking attacks, cybersecurity has never been more important for businesses, organizations and governments. Cybersecurity is a huge global concern - not just for manufacturers of healthcare and related products. The Food and Drug Administration (FDA) held a public meeting in January 2016 to discuss the threat and ramification of cybersecurity related issues. What are your main concerns when it comes to the regulatory industry and cybersecurity on a global scale?

From identity theft and fraud, to corporate hacking attacks, cybersecurity has never been more important for businesses, organizations and governments. Cybersecurity is a huge global concern - not just for manufacturers of healthcare and related products. The Food and Drug Administration (FDA) held a public meeting in January 2016 to discuss the threat and ramification of cybersecurity related issues. What are your main concerns when it comes to the regulatory industry and cybersecurity on a global scale?