Technology permeates every aspect of our lives today, personally and professionally. It helps businesses grow more quickly and be more productive than ever before. With the pros come the cons (hackers, ransomware, data breaches), and we’ve all heard about them so often that warnings and precautions may fall on deaf ears. The attitude of “It won’t happen to me” is easy enough to adopt as focus turns back to the next product launch or client meeting. But life science and healthcare companies that operate in a regulated world and answer to the U.S. Food and Drug Administration (FDA) can’t afford to ignore cybersecurity.
Five things you should know about cybersecurity to protect your life science business:
- The FDA has issued draft guidance on cybersecurity responsibilities for medical device manufacturers. Direction and guidance are also provided for cybersecurity of mobile applications and health IT organizations. This document provides recommendations for monitoring, identifying and addressing vulnerabilities that may impact the efficacy of the device or patient safety. The recommendations are at least a starting point if you don’t know where to begin. Those meeting the suggested requirements will be in line for compliance if or when something more concrete is issued.
- Even if your business doesn’t store sensitive information, it could be a victim of a cyber-attack. A cyber-attack can entail more than stealing information. Malware can infect your computer and deny you access to your own files and software, forcing you to pay the amount requested in order to regain access (malware of this kind is commonly known as ransomware). The FBI has noticed a significant increase in the number of ransomware attacks reported in the last year, and recommends awareness training and contingency planning in the event of an attack. If you store Protected Health Information (PHI), there are additional requirements that must be met per the Health Information Technology for Economic and Clinical Health (HITECH) Act.
- If your staff isn’t trained, human error could circumvent all of your security efforts. You can have policies in place, and work with a third-party vendor for cybersecurity measures, but if your staff isn’t prepared, a simple mouse click could still result in a breach. According to an October 2015 survey of 1,200 full-time workers across the U.S., 45% do not receive any form of cybersecurity training at work. It’s important to educate your employees on policies and practices, and make training an ongoing process, not just a one-and-done task.
- Phishing emails can make it past your spam folder. Cyber criminals have evolved and are now more sophisticated than ever. According to a recent report, 93% of phishing emails contain ransomware. Emails containing malware can come from co-workers, friends, family, even other business email addresses that you recognize. Additionally, not all malware comes from emails; it can now be found in banners and advertisements on websites you may visit for perfectly legitimate reasons. You can be affected without even clicking on them.
- Cyber liability insurance products are available. You protect other aspects of your business with insurance; did you know that you can do the same for cyber and technology risks? Products vary and offer different types of protection. A good cyber policy can help pay for notification costs after a breach, as well as a media relations specialist, and even ransomware costs.
Heather L. M. Maver is a Life Science Account Executive at The Hoffman Group, an Oswald Company, and can answer your questions about cyber or other insurance products. You can contact her at firstname.lastname@example.org or follow her on Twitter: @hmoyer14 for the latest information about what’s happening in the life science industry.