What Life Science Companies Can Learn from Former Equifax CEO Richard Smith
On Tuesday, former Equifax CEO Richard Smith testified before the House Energy and Commerce Committee about the credit firm’s recent massive security breach.
Although Smith took full responsibility for the breach occurring under his leadership, Congress was unsatisfied with his apologies and criticized his lack of action immediately following the incident.
“It’s like the guards at Fort Knox forgot to lock the doors and failed to notice thieves emptying the vaults,” said Greg Walden, the Republican chairman of the House subcommittee.
This issue brings to light the very real threats to cybersecurity—and Life Science organizations should take heed.
With the rise of artificial intelligence and data capturing in medical devices, Life Science organizations are vulnerable to potentially catastrophic breaches involving hospital records and patients’ personal information.
If you haven’t buckled down on a cybersecurity plan yet, now is the time to start. Here are some steps you can take, based on the FDA’s industry guidance:
- Have a set procedure in place for detecting and monitoring cybersecurity vulnerabilities. Involve necessary personnel, including internal IT and outside experts.
- Use risk management to understand the impact any potential risk can have through all stages of the product lifecycle, from planning to postmarket. For organizations handling large quantities of sensitive data, utilize tools like a bowtie matrix to plan controls for potentially catastrophic breaches.
- Include external stakeholders in cybersecurity planning. Researchers, consultants and industry experts are useful resources.
- Take a proactive approach to cybersecurity, with a focus on mitigating risk rather than creating a disaster recovery plan.
The Equifax data breach was a disaster that affected almost 150 million Americans, making it one of the worst breaches of its kind in history. In its wake, people in high-impact industries need to learn from it so that a similar breach doesn’t affect their patients and consumers.
The most salient point to be taken is that companies need to take a proactive approach to cybersecurity. Having a plan for responding to attacks isn’t enough because at that point, it’s too late to protect sensitive information.
With medical device technology advancing to new levels, there are more ways than ever for cybercriminals to target innocent victims. Approaching your product lifecycle with cybersecurity risk management in mind at every step can put you ahead of cybercriminals, eliminating the chance of attacks before they even start.