With electronic prescribing on the horizon, it is more important than ever that pharmacy is on the alert for cybercrime. Identity theft is the last topic in our series on cyber safety.
Identity theft sounds like something out of a CSI episode. But with Australians reporting losses of $3.5m in 2020 to date [1], it is more common and costly than people realise.
Like other crimes, identity theft (also referred to as social engineering or credentials theft) is an attempt to steal from you. Cybercriminals are trying to trick you into sharing personal and private information so that they can commit fraud.
How does identity theft occur?
Phishing email is the most common attack type.
Traditional methods can be equally devastating. Phone calls contributed to the largest financial portion ($1.9m of the $3.5m referred to above). This occurs when criminals pose as representatives of credible organisations to trick people into confirming aspects of their identity. Identity theft can also occur via fake websites, text messages, mobile apps, social networking and face-to-face.
Is my pharmacy at risk?
Yes. As healthcare professionals, we work in one of the top sectors targeted by cyber criminals in Australia [2]. Further, as a small business, we are among the most vulnerable. In May, the Australian Cyber Security Centre (ACSC) warned that cyber criminals are continuing to exploit COVID-19 as a way to attempt to trick people [3].
How do I protect my pharmacy?
Many attacks rely on human factors: people’s good nature, naivety or the fact that we are too busy and distracted to pay attention to details.
The key is to keep you and your team trained in what identity theft is and what to look for. Our “Cyber security risk checklist” has more detail on the steps to put in place. But make sure that you run regular training covering these key areas:
- Identifying phishing emails and fake websites
- Checking whether communication seems genuine. Would a colleague or group that you deal with send you an email or text of this kind?
- Reputable organisations never ask for personal or financial information
- Threats can occur by:
  - Phone calls and people in person
  - Requests for money, especially urgent or overdue requests
  - Bank account changes
  - Requests to check or confirm login details
- Protecting your PC or network from external devices, such as memory sticks and USB sticks
Having the right policies and tools in place can help to protect against and limit damage.
And if I think identity theft has occurred?
Speed matters. The sooner you can identify what has been stolen, the sooner you can act.
- Note what information you provided, for example email or bank details, phone numbers, addresses, etc.
- Contact the organisation and alert them
- Alert work colleagues, friends and family – anyone who might be tricked into providing further information if they think a request for help is from you
- Contact your IT provider and/or the appropriate Government agency as soon as possible
- A list of resources can be found here: https://www.scamwatch.gov.au/get-help/where-to-get-help
Andrew McManus is General Manager, Managed Services at Fred IT Group.
Statistics referred to above:
[1] According to the Australian Government’s Scamwatch: https://www.scamwatch.gov.au/scam-statistics?date=2020&scamid=29
[2] Health and finance are currently identified as the top 2 sectors. Refer to the Notifiable Data Breaches Statistics Reports for the latest figures: https://www.oaic.gov.au/privacy/notifiable-data-breaches/notifiable-data-breaches-statistics/
[3] Australian Cyber Security Centre (ACSC) advice on COVID-19: https://www.cyber.gov.au/COVID-19