
What Life Science Companies Can Learn from Former Equifax CEO Richard Smith

by Alexa Sussman on Wed, Oct 04, 2017

On Tuesday, former Equifax CEO Richard Smith testified before the House Energy and Commerce Committee about the credit firm’s recent massive security breach.

Although Smith took full responsibility for the breach occurring under his leadership, Congress was unsatisfied with his apologies and criticized his lack of action immediately following the incident.

“It’s like the guards at Fort Knox forgot to lock the doors and failed to notice thieves emptying the vaults,” said Greg Walden, the Republican chairman of the House subcommittee.

This issue brings to light the very real threats to cybersecurity—and Life Science organizations should take heed.

With the rise of artificial intelligence and data capturing in medical devices, Life Science organizations are vulnerable to potentially catastrophic breaches involving hospital records and patients’ personal information.

If you haven’t buckled down on a cybersecurity plan yet, now is the time to start. Here are some steps you can take, based on the FDA’s industry guidance:

  • Have a set procedure in place for detecting and monitoring cybersecurity vulnerabilities. Involve necessary personnel, including internal IT and outside experts.
  • Use risk management to understand the impact any potential risk can have through all stages of the product lifecycle, from planning to postmarket. For organizations handling large quantities of sensitive data, utilize tools like a bowtie matrix to plan controls for potentially catastrophic breaches.
  • Include external stakeholders in cybersecurity planning. Researchers, consultants and industry experts are useful resources.
  • Take a proactive approach to cybersecurity, with a focus on mitigating risk rather than creating a disaster recovery plan.

The Equifax data breach was a disaster that affected almost 150 million Americans, making it one of the worst breaches of its kind in history. In its wake, people in high-impact industries need to learn from it so that a similar breach doesn’t affect their patients and consumers.

The most salient point to be taken is that companies need to take a proactive approach to cybersecurity. Having a plan for responding to attacks isn’t enough because at that point, it’s too late to protect sensitive information.

With medical device technology advancing to new levels, there are more ways than ever for cybercriminals to target innocent victims. Approaching your product lifecycle with cybersecurity risk management in mind at every step can put you ahead of cybercriminals, eliminating the chance of attacks before they even start.
