While many of the most highly publicized recent data breaches have involved high-profile consumer brands, the life sciences sector is an increasingly attractive target for cyber attacks. Criminal attackers are targeting the health sector as part of industrial espionage programs and to obtain patient information that can fetch premium prices on the black market. To combat potential threats, life sciences companies should take a comprehensive approach to cybersecurity that involves assessing and analyzing likely risks, along with active and continuing planning, training, and updating of cybersecurity strategies. Regulators have already signaled that cybersecurity risk assessments are foundational to meeting legal requirements and can define the baseline for what constitutes reasonable security measures within an organization.
Hogan Lovells partner Marcy Wilder has identified the following five key factors for life sciences firms to consider in developing a cybersecurity strategy:
1. Know you are a high-value target
“Life sciences firms hold an ever-increasing amount of data, from drug formulas and device specifications to patient records drawn from clinical trials,” Wilder says. “At the same time, the sector as a whole continues moving toward digital platforms. That combination makes these companies particularly attractive – and vulnerable.”
2. Understand the risks
“It used to be that when life science companies thought about data security, they were concerned primarily with compliance and its related legal obligations,” Wilder says. “But with the rise of very high-profile cyber attacks, firms must now think about how to manage the crisis, how to take care of people who have been affected, and how to manage potential lawsuits and public relations fallout. It demands a more comprehensive approach.”
3. Plan, and then practice
“The value of a tabletop exercise when it comes to cyber security preparedness cannot be overstated,” Wilder says. “Get the right people in the room – that means leadership, communications, lawyers, customer service, and IT – and make sure they know exactly what their job will be in the event of an attack.”
4. Stay current
“In an area evolving as rapidly as this one, it is crucial to be up-to-date on best practices and trends,” she says. “Companies should be sure that they are working with firms that possess proven leadership in both cyber security and life sciences. They need a partner that truly knows the field, and is committed to communication and collaboration.”
5. Build relationships early
“The takeaway is to prepare, to practice, to build a relationship with a law firm with deep expertise in life sciences, one able to say it’s been through it,” Wilder advises. “You do not want to be speed dating law firms when you’re in the middle of a crisis.”
Authored by the HL Chronicle of Data Protection Team