* Novartis plans to sell cloud-connected inhaler by 2019
* Part of companies' push into "Medical Internet of Things"
* Pharma and tech firms teaming up in hunt for Big Data
* But web-enabled devices present privacy and security risks
By John Miller
ZURICH, Jan 26 (Reuters) - Novartis wants everypuff of its emphysema drug Onbrez to go into the cloud.
The Swiss drugmaker has teamed up with U.S. technology firmQualcomm to develop an internet-connected inhaler thatcan send information about how often it is used to remotecomputer servers known as the cloud.
This kind of new medical technology is designed to allowpatients to keep track of their drug usage on their smartphonesor tablets and for their doctors to instantly access the dataover the web to monitor their condition.
It also creates a host of "Big Data" opportunities for thecompanies involved - with huge amounts of information about amedical condition and the efficacy of a drug or device beingwirelessly transmitted to a database from potentially thousands,even millions, of patients.
The potential scale of the so-called "Medical Internet ofThings" has not been lost on pharmaceutical and tech firmsaround the world, both big companies hunting growth and smallerones looking to provide bespoke products and services.
It has created unlikely alliances.
Novartis' domestic rival Roche has also teamed upwith Qualcomm and Danish diabetes drugmaker Novo Nordisk has partnered with IBM on cloud-linked deviceprojects, for example, while healthcare device maker Medtronic is working with a U.S. data-analytics firm Glooko.
GlaxoSmithKline, meanwhile, is in talks withQualcomm about a medical technology joint venture potentiallyworth up to $1 billion, according to people familiar with thematter.
However, with the opportunity comes risk.
Security experts warn that hacked medical information can beworth more than credit card details on the black market asfraudsters can use it to fake IDs to buy medical equipment ordrugs that can be resold, or file bogus insurance claims.
The U.S. Centers for Disease Control and Preventionestimates there are 35 million U.S. hospital discharges a year,a billion doctor and hospital visits and even moreprescriptions, much of which is stored in cloud databases.
CLOUD CONCERN
Now the "Medical Internet of Things" is introducing more andmore web-connected devices into the equation and pushing evenmore confidential patient data on to the cloud.
This is creating potential new opportunities for thievesseeking to penetrate medical companies' security where they maytarget names, birth dates, policy numbers, billing data and thediagnosis codes needed to obtain drugs, say experts.
"The weakest link tends to be the medical device itself,"said Rick Valencia, senior vice president of Qualcomm Life,Qualcomm's four-year-old healthcare unit. "They weren't designedwith the idea in mind that they would be going over the networkand the information would be residing in cloud infrastructure."
Medtronic, the world's largest standalone medical devicemaker, said in 2014 it lost patient records in separatecyberattacks at its diabetes business.
"The more information, the easier identity theft is and themore valuable the profiles that the hacker can sell to thirdparties," said Erik Vollebregt, a lawyer in Amsterdam whospecialises in medical device cybersecurity and privacy.
He said it could also be possible for criminals to hack intoweb-connected medical devices, and threaten the lives ofpatients, to blackmail the manufacturer.
Despite no documented patient-endangering hacks, the U.S.Food and Drug Administration warned last year an infusion pumpcould be vulnerable to attack and asked healthcare providers tostop using it.
SMART LENS
Novartis aims to have its inhaler for chronic lung disease,to be on the market by 2019. Other pharma-tech alliances includeAerocrine and Microsoft, which are workingtogether on a cloud project to analyse data from allergy andasthma patients.
Google is, meanwhile, working with Frenchdrugmaker Sanofi to collect and analyse informationfrom diabetes sufferers. The U.S. tech giant alsohas a partnership with Novartis to develop a smart contact lensthat can monitor diabetics' glucose levels.
All the companies involved in such projects say they aregoing to extreme lengths to protect patients' data from hackers.
Philips has turned to San Francisco-basedidentity-management software maker ForgeRock to keep data fromthe Dutch company's medical devices from falling into the wronghands.
Software security expert Marie Moe, of Norway's SINTEFscientific research foundation, said the wireless ports in thepacemaker that keeps her heart beating left it vulnerable tointrusion - but that she could not survive without the device.
"Wireless interfaces are a great benefit to certain patientgroups," she told Reuters. "But as a security researcher, I knowconnectivity also means vulnerability." (Additional reporting by Julie Steenhuysen in Chicago, JimFinkle in Boston and Ben Hirschler in London; Editing by PravinChar)