Sheila Mackay | Xerox Litigation Services
It’s a bitter pill to swallow: An employee your organization fired last week just logged in to your company’s network and stole confidential information, including patients’ names, Social Security numbers, and medical symptoms. Because his username and password were still active, he easily evaded your system’s security measures. Furthermore, he was able to download clinical trial data even though employees in his role have no reason to access it.
Criminal insiders like this former employee, along with malware, are responsible for most data breaches, according to the Ponemon Institute’s 2013 Cost of Data Breach Study. However, preventable breaches—those caused by employee negligence and system glitches—account for the remaining 59 percent. When breaches occur in a heavily regulated industry like pharmaceuticals, they have astoundingly high costs because of the stringent data privacy and protection laws at the state, national, and international level. Two additional factors make breaches in pharmaceutical companies even more risky: an ever-increasing volume of data and the loss of control over data stored on mobile devices.