Researchers warn Canadian trials patient info 'too easy to crack'

By Alexandria Pesic

- Last updated on GMT

Passwords used to protect personal health information in Canadian clinical trials are often too easy to crack, according to a report in the Journal of Medical Internet Research (JMIR).

The report highlights an experiment conducted by researchers from the Children's Hospital of Eastern Ontario who used freely available commercial password recovery tools to access information contained in 15 password-protected files transmitted by email during regulated Canadian clinical trials.

With an estimated 41 per cent of Canadian trials making use of electronic data capture (EDC), they aimed to find out just how secure sensitive patient information was.

The results were shocking, with the team able to crack passwords for 93 per cent of the files, among them those containing thousands of records with sensitive health information on trial participants such as gender, date of birth, home address and telephone number, and the nature of the trial.

The team claimed: ​the passwords tended to be relatively weak, using common names of locations, animals, car brands, and obvious numeric sequences”

Notes posted on monitors

The report also highlights reported cases where study coordinators took home information saved on memory sticks, or emailed information to public accounts they could access from home, leaving the data unencrypted and vulnerable.

Other cases include incidents of passwords being shared to avoid individuals having to re-log in every time they wanted to work on a shared computer. But perhaps most shockingly, the researchers found examples of passwords being written on notes and posted on monitor screens were common.

Strong passwords

As a result of their findings, the research team presented a number of recommendations to Canadian clinical trial coordinators about how better to secure their information.

Those recommendations involved some technically complex solutions, such as using external file encryption tools with strong encryption algorithms to ensure the whole file is encrypted rather than simply certain parts of it.

The report went on to highlight the need for policies to be put in place to ensure stronger passwords are used, along with general guidelines on email security and information management security.

But most important among these warnings, claim the researchers, is that of password sharing:“It does not matter how strong a password is; if many individuals know that password then it is not a secure password.”

Related news

Show more

Related products

show more

Automated metadata management in clinical trials

Automated metadata management in clinical trials

Content provided by Formedix | 01-Aug-2023 | White Paper

When it comes to efficient clinical study build, content is king. Most importantly: metadata content. In this blog, we explore the role of metadata in...

Validate clinical study data with Formedix CORE

Validate clinical study data with Formedix CORE

Content provided by Formedix | 19-Jun-2023 | White Paper

In April 2023 at the CDISC Europe Interchange, we launched Formedix CORE, the first free-to-use, downloadable application encompassing the CDISC Open Rules...

SDTM supplemental qualifiers explained

SDTM supplemental qualifiers explained

Content provided by Formedix | 12-May-2023 | White Paper

What are SDTM supplemental qualifiers? In short, these are variables in non-CDISC datasets that cannot be mapped to a variable that matches the SDTM standard....

How clinical trial software can optimize trials

How clinical trial software can optimize trials

Content provided by Formedix | 17-Apr-2023 | White Paper

Companies often have to conduct multiple clinical trials at the same time, which means they've got to be efficient, and compliant with industry regulations....

Related suppliers

Follow us


View more