A cybersecurity expert has warned pharmacies about data breaches, saying big systems such as Medicare and MHR are actually harder to hack than small businesses.
There have been 11 billion reported data breaches since 2005, based on the latest numbers from Privacy Rights Clearinghouse.
And since February 2018, the healthcare sector has suffered the most data breaches of any industry group, according to statistics from the Office of the Australian Information Commissioner (OAIC).
A third (33%) of all breaches this year involved health information, explains Nick Ellsmore, CEO at cybersecurity consulting firm Hivint.
Healthcare is more valuable than credit card numbers, said Mr Ellsmore during an education session at the Pharmacy Connect conference in Sydney last Friday, adding that almost all cybercrimes these days are financially motivated.
“With more medical information online, healthcare is becoming one of the preferred targets. People are starting to get really nervous about it,” he said.
Hackers and their techniques are much more sophisticated than they were in the past, and it’s no longer kids hacking during their school holidays, he explained.
“They’re not hacking when they’re home from work – this is their work,” said Mr Ellsmore.
“Hackers don’t wear hoodies because they’re professionals.”
Data breaches are more likely to affect small organisations.
“It’s generally automated and it’s generally opportunistic,” he said, adding that it’s important for pharmacies to have some form of security to ward off hackers.
“You don’t have to have bank-grade or defence-grade security. You just have to have minimum viable security so that they go somewhere else.
“Rarely will they be targeting your business specifically, they’re more likely to be random. You just have to set the bar high enough so that you’re not the easy target.”
It would actually be harder to hack large systems such as Medicare and My Health Record than to attack smaller pharmacies individually, said Mr Ellsmore.
However, he added that “My Health Record has done a great job of stimulating the public’s mind on security issues around health data.
“This awareness and concern about security and privacy of health data will reach pharmacies.”
Due to this, the government is now putting more consideration into regulating industries including healthcare and health data.
Mr Ellsmore warns that companies that lose patient data are likely to face class action lawsuits in the future.
A lot of data breaches come down to process failures; his suggestions for avoiding data breaches include:
- Have one of the bigger companies run your email server; don’t do it yourself. These will be better secured.
- Turn on two-factor authentication everywhere you get the chance. It is one of the single most effective controls you can put in place.
- Have up-to-date security patches.
Pharmacists are one of the most trustworthy professions in Australia – but that’s going to change really quickly if data isn’t protected, concluded Mr Ellsmore.