5 cyber security tips to protect your pharmacy

Technological change is to be expected in any industry, but the pandemic has forced many pharmacy businesses to adapt and quickly implement new technologies. These advanced technologies allow pharmacy professionals to virtually connect with patients, but it also creates new vulnerabilities and presents a risk to patients and store data.

The impacts of having your pharmacy business breached by cyber criminals can be devastating and the road to recovery can be lengthy. A study done by the Cyentia Institute found that small businesses that experience a breach are likely to lose 1/4 of their annual earnings.^[1]  A cyber attack can significantly impede business operations, and in some cases destroy a business beyond recuperation. Lapses in security may also result in legal issues as seen with LifeLabs, the largest provider of medical lab diagnostic services in Canada. ^[2]  The company experienced a massive breach, and the sensitive personal information of an estimated 15 million Canadians was accessed which resulted in the introduction of a $1.4 billion class-action lawsuit. ^[2]

Pharmacies store pertinent patient information varying from date of birth, address, prescription information, and more, this sensitive data can be valuable to cyber criminals and can be leveraged for sale or ransom. In contrast to credit card breaches where suspicious activity can be identified quickly, healthcare breaches can take months, or sometimes years to identify and once the information is jeopardized there is often no simple solution. Intellectual property and research data can also be accessed and damaged in a cyber attack leaving valuable information tainted and vulnerabilities in your business. The reputational ramifications of a cyber breach can leave your businesses and practice tarnished as patients may have difficulty continuing entrusting you with their information.

Now, more than ever, it is essential that pharmacy owners and managers are aware of the risks and have an action plan in place to manage and eradicate breaches. It is important to take these threats seriously and consider cyber security in long-term business planning. Here are five actions you can take to mitigate risks and protect your pharmacy business.

1. Security awareness and staff training. Your staff is your first line of defense against cyber attacks. Attacks can begin with an opened attachment, a single mouse click, or a website visit. Take time to train and educate staff on what steps to take should a breach occur, how to identify suspicious emails and links, and to use only authorized software. Regular meetings, e-newsletters, or memos about security vigilance are also an opportunity for you to update staff.

2. Implement a cyber response plan. If a breach were to occur it is critical that you have the means to contact your staff and advise patients. Acting quickly after an incident will help you minimize damage and allow you to provide guidance on the next steps after a breach has been identified.

3. Update tools and store data securely. Regularly check that operating systems, antimalware and antivirus software, and other security tools are up-to-date. Encryption should be implemented wherever possible. Ensure to back up vital information and important files. Practice recovering data at least once so that you will know what to do should a cyber attack occur. 

4. Guard and create strong passwords. It is vital that pharmacies are vigilant about passwords. Train staff to not share passwords, not to use the same password for multiple accounts, and to use unique passphrases and complex passwords. Use two-factor authentication when available and establish lock-outs after a certain number of incorrect IDs or passwords have been inputted. Also, if a staff member departs or is terminated from your pharmacy ensure to remove any associated profiles or accounts and update passwords as necessary.

5. Take action and get cyber insurance. Acquiring dedicated cyber coverage for your pharmacy business can minimize the risk of loss, protect your assets, and help your business survive a malicious attack. Many cyber insurance policies provide immediate expert assistance to help identify, manage and stop attacks. Policies can also absorb some of the costs to keep your business running if a cyber attack were to occur in your pharmacy.

Technological tools help pharmacy businesses to operate and can strengthen the delivery of patient care. Considering that cyber criminals apply a variety of tactics it is crucial to remain vigilant, implement the proper tools and coverage to keep data secure and confidential. Ensure you have the appropriate cyber insurance coverage for your pharmacy business.

1. Cyentia Institute “Information Risk Insights Study”
2. Ikeda,Scott. “Lifelabs Data Breach, the Largest Ever in Canada, May Cost the Company Over $1 Billion in Class-Action Lawsuit.” CPO Magazine, 8 Jan. 2020. 

Reprinted with permission from the Ontario Pharmacists Association.