Digital supply chain attacks in clinical trials

By Eduard Bardají on Sep 10, 2025 8:14:46 AM


The digitalization of clinical trials has transformed biomedical research, facilitating data collection and analysis as well as collaboration among multiple stakeholders. However, this interconnection has increased exposure to cyberattacks, particularly those targeting the digital supply chain. These attacks not only compromise data integrity but also put patient safety and the reputation of the institutions involved at risk.

What is the digital supply chain in clinical trials?

The digital supply chain in clinical trials encompasses all the systems, platforms, and technological services involved in the management, storage, and analysis of clinical data. Its components include:

  • Electronic Data Capture (EDC) platforms: Tools used for collecting and managing clinical trial data.

  • Clinical Trial Management Systems (CTMS): Platforms that coordinate and oversee the progress of trials.

  • Laboratory Information Management Systems (LIMS): Software that manages the information generated in laboratories during trials.

  • Cloud infrastructures: Services that store and process large volumes of clinical data.

  • Connected medical devices and IoT: Equipment that collects real-time patient data during trials.

The interconnection of these systems creates multiple entry points for potential attackers. A compromise at any link in the chain can trigger cascading effects, impacting data integrity and the continuity of the clinical trial.

Current landscape of digital supply chain attacks

According to SecurityScorecard’s 2025 report, more than 70% of organizations experienced at least one significant cyber incident related to third parties last year. Moreover, fewer than half of organizations monitor more than 50% of their extended supply chain for cyber threats.

In the healthcare sector, the FDA has warned about public health risks stemming from poor cybersecurity in the manufacturing of medical products, urging the establishment of stricter standards.

Notable cases

  • Miljödata Attack (Sweden, 2025): A ransomware attack on an IT systems provider affected approximately 200 municipalities and regional governments in Sweden, disrupting critical services and compromising personal data.

  • Medical Data Breach in Argentina (2025): The hacking of Informe Médico exposed more than 665,000 medical records, highlighting the vulnerability of data management systems in the healthcare sector.

Types of digital supply chain attacks in clinical trials

Ransomware

Ransomware attacks can cripple EDC and CTMS platforms, disrupting data collection and analysis. In 2025, these attacks have grown more sophisticated and have specifically targeted cloud service providers used in clinical trials.


Phishing and identity spoofing

Attackers use social engineering techniques to deceive clinical trial staff, gaining access to critical systems. These tactics have become increasingly sophisticated, leveraging artificial intelligence to craft fake communications that mimic sponsors or regulatory authorities.


Compromise of connected medical devices

IoT devices used in clinical trials can be exploited to gain access to sensitive data. Missing security updates and constant connectivity both increase their vulnerability to cyberattacks.

Data manipulation in transit

Attackers can intercept and alter data during transmission between systems, compromising the integrity of trial results and potentially affecting patient safety.
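One way a receiving system can detect this kind of alteration, shown as an added example that is not part of the original article: the sender attaches an HMAC-SHA256 tag to every record, chained to the previous record's tag, so a changed, reordered, or dropped record fails verification on arrival. The record fields, the shared key, and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

DEMO_KEY = b"constructed-demo-key"   # constructed; real keys come from a secrets store
GENESIS = b"\x00" * 32               # chain start value agreed by both systems

# Constructed sample records, standing in for an EDC export.
SAMPLE = [
    {"subject": "S-001", "visit": 1, "systolic_mmHg": 128},
    {"subject": "S-002", "visit": 1, "systolic_mmHg": 141},
    {"subject": "S-003", "visit": 1, "systolic_mmHg": 119},
]


def _tag(key, kind, prev_tag, seq, payload):
    # Canonical JSON so sender and receiver authenticate identical bytes.
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    msg = kind + prev_tag + seq.to_bytes(8, "big") + body
    return hmac.new(key, msg, hashlib.sha256).digest()


def seal_batch(key, records):
    """Sender: chain each record's tag to the previous one, then add a trailer."""
    items, prev = [], GENESIS
    for seq, record in enumerate(records):
        prev = _tag(key, b"R", prev, seq, record)
        items.append({"seq": seq, "record": record, "tag": prev.hex()})
    # The trailer binds the record count, so truncation at the end is detected.
    trailer = _tag(key, b"E", prev, len(items), {"count": len(items)})
    return {"items": items, "trailer": trailer.hex()}


def _same(expected, received):
    # Constant-time comparison of the hex tags.
    return hmac.compare_digest(expected.hex().encode(), str(received).encode())


def verify_batch(key, batch):
    """Receiver: return (ok, reason); stops at the first failed check."""
    prev = GENESIS
    for position, item in enumerate(batch["items"]):
        if item.get("seq") != position:
            return False, f"sequence break at position {position}"
        prev = _tag(key, b"R", prev, position, item["record"])
        if not _same(prev, item.get("tag")):
            return False, f"tag mismatch at seq {position}"
    count = len(batch["items"])
    if not _same(_tag(key, b"E", prev, count, {"count": count}), batch.get("trailer")):
        return False, "trailer mismatch: records dropped or appended"
    return True, "ok"
```

The chain covers integrity within one batch only; confidentiality still depends on the encryption of the channel, and replay of a whole earlier batch would need a batch identifier in the authenticated data.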

Consequences of digital supply chain attacks

Impact on data integrity

The alteration or loss of data can invalidate the results of a clinical trial, delaying its progress and affecting the approval of new treatments by regulatory authorities.

Risks to patient safety

The exposure of sensitive personal data can jeopardize patient privacy and, in extreme cases, their physical safety if the data is maliciously misused.

Reputational and financial damage

Organizations affected by cyberattacks face regulatory penalties, loss of trust from patients and sponsors, and costs associated with system and data recovery.

Mitigation and protection strategies

Implementation of Zero Trust Architecture

Adopting a Zero Trust security model, which assumes that no entity, internal or external, is trusted by default, can help protect critical clinical trial systems. This approach includes continuous identity verification and network segmentation.

Third-party risk management (TPRM)

Continuously assessing and monitoring vendor security is essential. Tools such as Censinet RiskOps™ enable real-time vendor risk assessments and monitoring.

Data encryption and multi-factor authentication

Implementing end-to-end encryption to protect data in transit and at rest, along with multi-factor authentication, can significantly reduce the risk of unauthorized access.

Staff training and awareness

Training employees in cybersecurity best practices and conducting attack simulations can improve incident response and reduce the likelihood of human error.

Digital supply chain attacks in clinical trials pose a significant threat to data integrity, patient safety, and the continuity of biomedical research. It is imperative that organizations adopt proactive and collaborative approaches to strengthen cybersecurity across every link of the supply chain. Strategies such as Zero Trust, third-party risk management, and ongoing staff training are fundamental steps toward mitigating these risks and ensuring the success of clinical trials in today’s digital environment.