Big Pharma’s bet on Big Data creates opportunities and risks
Novartis wants every puff of its emphysema drug Onbrez to go into the cloud.
The Swiss drugmaker has teamed up with U.S. technology firm Qualcomm to develop an internet-connected inhaler that can send information about how often it is used to remote computer servers known as the cloud.
This kind of new medical technology is designed to allow patients to keep track of their drug usage on their smartphones or tablets and for their doctors to instantly access the data over the web to monitor their condition.
It also creates a host of “Big Data” opportunities for the companies involved – with huge amounts of information about a medical condition and the efficacy of a drug or device being wirelessly transmitted to a database from potentially thousands, even millions, of patients.
The potential scale of the so-called “Medical Internet of Things” has not been lost on pharmaceutical and tech firms around the world, both big companies hunting growth and smaller ones looking to provide bespoke products and services.
It has created unlikely alliances.
Novartis’ domestic rival Roche has also teamed up with Qualcomm and Danish diabetes drugmaker Novo Nordisk has partnered with IBM on cloud-linked device projects, for example, while healthcare device maker Medtronic is working with a U.S. data-analytics firm Glooko.
GlaxoSmithKline, meanwhile, is in talks with Qualcomm about a medical technology joint venture potentially worth up to $1 billion, according to people familiar with the matter.
However, with the opportunity comes risk.
Security experts warn that hacked medical information can be worth more than credit card details on the black market as fraudsters can use it to fake IDs to buy medical equipment or drugs that can be resold, or file bogus insurance claims.
The U.S. Centers for Disease Control and Prevention estimates there are 35 million U.S. hospital discharges a year, a billion doctor and hospital visits and even more prescriptions, much of which is stored in cloud databases.
Now the “Medical Internet of Things” is introducing more and more web-connected devices into the equation and pushing even more confidential patient data on to the cloud.
This is creating potential new opportunities for thieves seeking to penetrate medical companies’ security where they may target names, birth dates, policy numbers, billing data and the diagnosis codes needed to obtain drugs, say experts.
“The weakest link tends to be the medical device itself,” said Rick Valencia, senior vice president of Qualcomm Life, Qualcomm’s four-year-old healthcare unit. “They weren’t designed with the idea in mind that they would be going over the network and the information would be residing in cloud infrastructure.”
Medtronic, the world’s largest standalone medical device maker, said in 2014 it lost patient records in separate cyberattacks at its diabetes business.
“The more information, the easier identity theft is and the more valuable the profiles that the hacker can sell to third parties,” said Erik Vollebregt, a lawyer in Amsterdam who specializes in medical device cybersecurity and privacy.
He said it could also be possible for criminals to hack into web-connected medical devices, and threaten the lives of patients, to blackmail the manufacturer.
Despite no documented patient-endangering hacks, the U.S. Food and Drug Administration warned last year an infusion pump could be vulnerable to attack and asked healthcare providers to stop using it.
Novartis aims to have its inhaler for chronic lung disease, to be on the market by 2019. Other pharma-tech alliances include Aerocrine and Microsoft, which are working together on a cloud project to analyze data from allergy and asthma patients.
Google is, meanwhile, working with French drugmaker Sanofi to collect and analyze information from diabetes sufferers. The U.S. tech giant also has a partnership with Novartis to develop a smart contact lens that can monitor diabetics’ glucose levels.
All the companies involved in such projects say they are going to extreme lengths to protect patients’ data from hackers.
Philips has turned to San Francisco-based identity-management software maker ForgeRock to keep data from the Dutch company’s medical devices from falling into the wrong hands.
Software security expert Marie Moe, of Norway’s SINTEF scientific research foundation, said the wireless ports in the pacemaker that keeps her heart beating left it vulnerable to intrusion – but that she could not survive without the device.
“Wireless interfaces are a great benefit to certain patient groups,” she told Reuters. “But as a security researcher, I know connectivity also means vulnerability.”
(Additional reporting by Julie Steenhuysen in Chicago, Jim Finkle in Boston and Ben Hirschler in London; Editing by Pravin Char)