In at least one Canadian hospital, clinical trial data security is all but a farce. Sneaky researchers at Children's Hospital of Eastern Ontario took a break from their drug development work to run a little test. They used commercially available password-recovery tools to access information contained in 15 password-protected files that had been transmitted by email during regulated clinical trials. They succeeded in cracking the passwords of all but one of the 15 files. Thirteen of them contained thousands of records on trial volunteers, including their birth dates, home addresses and telephone numbers.
Weak passwords are to blame, but the data security travesty doesn't end there. Interviews with 20 study coordinators revealed that some of them took their work home on memory sticks and emailed information to accounts they could access from home, Outsourcing-Pharma reports. The researchers found also cases of password-sharing to avoid multiple log-ins, as well as this classic: passwords written on notes and posted on computer screens.
The work appears in the open-access Journal of Medical Internet Research.