Data security has progressed from a mere luxury to an essential component of all biomedical research and healthcare facilities within the last two decades. With the ever expanding amount of data generated from high-throughput technologies to the enhanced scope and sophistication of cybersecurity attacks, labs now depend more than ever on methods to curb breaches and protect their studies from tampering or theft. Thankfully, there are several equally sophisticated options for labs to rely on, including cloud-based platforms and blockchain that can help mitigate these threats.

Integrate secure systems into data workflows

One of the most effective ways to improve data security is by utilizing sophisticated cloud-based systems for data collection and analysis. As most standard systems rely on internet connectivity for updates and data transfer, they also require safeguards against cyberattacks as well as unsolicited monitoring, data capture, and data manipulation. While cloud-based systems are also “online,” they integrate a stringent security framework, often with data encryption and multi-factor authentication options.

Though the potential of blockchain has yet to be fully realized, its utility in enhancing data security is nearly unparalleled. Blockchain represents a set of interconnected, decentralized blocks of encrypted information. This type of system is essentially immutable, as attempts to tamper with the data are made evident along the entire set of data blocks, thus alerting every legitimate blockchain owner. Likewise, for changes to be adopted into the blockchain, all users must independently verify the legitimacy of the data. Blockchain has already been implemented in clinical trials to protect data, protocols, consent forms, and generic participant data.¹ However, because of its dependence on multiple users to access data, blockchain cannot yet be considered a quick and efficient method of data security for the day-to-day activities of most labs and healthcare facilities.

Identify, assess, and mitigate vulnerabilities

No system is foolproof. Those developing, integrating, and using the system are responsible for assessing potential vulnerabilities and designing methods of shoring them up. Several aspects that should be assessed and continually monitored include data storage, end-to-end data pipeline, and user access and security. According to the National Institute of Standards Technology (NIST) Cybersecurity Framework, five principles should be applied to protect these systems:²

• Identify: Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.
• Protect: Develop and implement appropriate safeguards to ensure the delivery of critical services.
• Detect: Develop and implement appropriate activities to identify the occurrence of a cybersecurity event.
• Respond: Develop and implement appropriate activities to take action regarding a detected cybersecurity incident.
• Recover: Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.

The NIST Cybersecurity Framework also outlines steps to efficiently establish or improve a cybersecurity program:

• Step 1: Prioritize objectives and scope. This may involve identifying and prioritizing objectives related to cybersecurity.
• Step 2: Orient related systems, assets, regulatory requirements, and risk approach. Here, it is helpful to consult other companies or individuals to identify potential threats and vulnerabilities.
• Step 3: Create a current profile based on the NIST’s five principles that includes all objectives and to what capacity they are currently achieved.
• Step 4: Conduct a risk assessment to determine the likelihood of a security breach and its potential impact.
• Step 5: Create a target profile that focuses on desired long-term cybersecurity goals and potential outcomes.
• Step 6: Determine, analyze, and prioritize gaps in the current profile and create an action plan. The action plan should address funding, resources, workforce, and security gaps.
• Step 7: Implement the action plan.

For all systems, identification, assessment, and mitigation should be repeated continually to assess and improve cybersecurity over the long term. Over time, as security threats grow in sophistication, it is the responsibility of all those involved in the generation, analysis, and storage of biological data to not only keep passwords protected and utilize antivirus systems, but also to reliably assess risk and strategize accordingly, so that these threats are kept in check.

LabTAG by GA International is a leading manufacturer of high-performance specialty labels and a supplier of identification solutions used in research and medical labs as well as healthcare institutions.

References: