Security for the Pharmaceutical Industry

Theft of your intellectual property, loss of your clinical trial data, failure to maintain accurate electronic patient records - these are just some of the security risks pharmaceutical companies face. This page will guide you in securing your pharma company.


The pharmaceutical industry faces some of the biggest security threats of any industry. The significant amount of money involved in the industry combined with the large amount of personal information (name, address, social security number etc.) captured from patients makes it a natural target for cyber criminals. The risk is compounded by the need for information to be accessible quickly for patient care whilst balancing this with the disclosure requirements for the industry.
Across all industries, the healthcare industry suffered the second most data breaches in 2017, with 458 security incidents and 296 confirmed data leaks (according to the widely respected Verizon Data Breach Report). 68% of breaches were the result of internal threats, 32% from external threats and 6% from partners.

Now that you know the risks facing the pharmaceutical industry, what can you do to protect yourself?

1) Identify and Protect Your Most Important Data

It’s only logical to want to protect your most important data. However, simple questions such as what is your most important data and where is it stored are not easily answered. Therefore you can’t be sure if that data is secured – whether physically or logically. This weakness can be exploited by cyber criminals in order to steal your company’s data with devastating consequences:

• Imagine the intellectual property your company has invested significant amounts of money in developing and patenting – being stolen and sold to a competitor.

• Imagine the clinical trial data that your company spent so long producing, and that must be shown to be valid and not tampered with – being rejected by the regulator and delaying product release.

• Imagine the patient data that your company stores which patients have entrusted you to keep – being stolen by fraudsters so they can commit identity fraud.

Part of the problem is that many pharmaceutical companies don’t think of themselves as being in the data management business, so they don’t adequately protect patient data against today’s threats. In most cases, breaches have less to do with advanced hacking techniques and more to do with human error such as losing laptops/USB sticks, failing to shred paper records, not setting secure passwords etc.

2) Show Customers and Shareholders You Are Secure

Data breaches are now commonly reported in the media, especially since the Edward Snowden and WikiLeaks revelations. As a result, customers and shareholders are coming to the realisation that it is no longer just the big banks or government institutions that can suffer a cyber attack; companies of all sizes in any industry are vulnerable.
With the average cost of a data breach at a whopping £1.9 million (Ponemon Institute’s Cost of a Data Breach Study), shareholders will be concerned about how secure their investment would be in your company.

With healthcare data being so valuable that it can be sold on the black market for between £7 and £35 a record (Experian Data Breach Industry Forecast), customers will be concerned about how secure their health data would be in your company.

3) Pass Regulatory Audits

Regulatory audits are part and parcel of operating a pharmaceutical company. Whether it’s the FDA, MHRA or EMA, the regulator audits the security controls required to protect the confidentiality of patient data and the integrity of clinical data.

With a 10-fold increase in data breaches over the last 5 years, many organisations have been taken to task by regulators and the media over their poor security.


Kindus understands the distinct security needs of the pharmaceutical industry. Our dedicated Pharmaceutical Security team are experienced in HIPAA, GAMP5 and ISO 27001 compliance, making us ideally placed to advise on your security needs. Some of our biggest clients are pharmaceutical companies or provide support to the pharmaceutical industry, and we have become their trusted partner in all things security.

Some specific ways we can help you are:
• Help you identify your most important data and ensure adequate security controls are in place to secure it.
• Help you demonstrate to your customers and stakeholders you take security seriously by achieving the ISO 27001 accreditation – an internationally recognised standard for information security.
• Educate your staff to be aware of information security risks and threats, what pitfalls they should look out for (to prevent an incident occurring), and what to do if an incident does occur (to limit the damage).
• Identify security weaknesses within your company through internal audits so you can fix them before a customer or regulatory audit takes place.
• Identify security weaknesses within your key suppliers through supplier audits, to give you assurance that weaknesses on their part won’t compromise the service you provide to customers.

Contact our Pharmaceutical Security team on (+44) 01422 400 153 to discuss your requirements. We’ll be more than happy to have a chat to identify the service right for you.