Reducing pharmacy cyber risk in 2020


Andrew McManus talks cyber security and pharmacy…

Globally it is estimated that there is a successful ransomware attack every 14 seconds1. This means that every 14 seconds, businesses and individuals become victims of cyber-crime.  

These are the cyber attacks that we know about. Many others go unseen and unreported. Thanks to mandatory reporting, however, we have a clearer understanding of the type of attacks being reported in Australia.

As pharmacy enters a new decade and gears up for ePrescribing, two of these statistics provide sobering reading: 43% of all cyber-attacks now target smaller businesses2; and health is the number one sector for reported data breaches3.

Cyber criminals are targeting small businesses because they view these as the easiest targets – and 6.4 billion phishing emails sent each day4 are doing the job of finding these targets. The health sector, including pharmacies, has become a target based on the fact that health data can be worth three times as much on the dark web as bank data5.

These trends point to the need for pharmacy and pharmacy owners to understand the cyber security landscape and cyber risk. A decade ago, these conversations took place mainly among security experts, large organisations, corporates, and governments. Today, all businesses – including pharmacies large and small – need to have these conversations.

Speaking with pharmacies, I know that they value the work of their anti-virus software in protecting against risk, and rightly so. We know, for example, that Fred anti-virus has helped to protect customers from thousands of cyber attacks over the years.

Unfortunately, cyber criminals are spending increasing amounts of time trying to get around your anti-virus. They are becoming increasingly clever at tricking anti-virus into thinking that malicious code is legitimate software. 

Think of anti-virus as the locks on your door. Twenty years ago the locks were all you needed. But if you want to strengthen your security you need to think about additional layers – the equivalent of a monitored alarm and security cameras. 

We need to get better at making sure that – as well as anti-virus – we have other layers of security in place to make it harder for cyber criminals to gain access.

A cyber attack can be crippling. 

You can be locked out of your PCs and unable to dispense, make a PBS online claim, place an order or use the till. With a good backup in place, it can take hours and even days to get back online, but without a backup you may never recover your data. The cost of ‘hardware/software’ recovery can run into the thousands.

The damage to your reputation based on loss of customer confidence will be even greater. Additionally, if a cyber-attack results in a notifiable data breach, you are legally obligated to notify both the Office of the Australian Information Commissioner (OAIC) and your customers.

You can reduce the risk and you can make your business more resilient. The key is to stay informed. Our article ‘Cyber risk: what is it and how much of a concern is it for pharmacy?’ is a good starting point for understanding the risks.

Always speak to your IT provider for specific advice. Or talk to Fred about our real time managed cyber security service tailored for all pharmacies, Fred Protect.

Next month we take a closer look at phishing – the biggest culprit in cyber crime generating 90% of all cyber-attacks in Australia6.


Statistics referred to above:

  1. https://cybersecurityventures.com/global-ransomware-damage-costs-predicted-to-reach-20-billion-usd-by-2021/
  2. https://enterprise.verizon.com/resources/reports/dbir/
  3. https://www.oaic.gov.au/privacy/notifiable-data-breaches/notifiable-data-breaches-statistics/notifiable-data-breaches-statistics-report-1-april-to-30-june-2019/
  4. https://www.valimail.com/press/research-crisis-of-fake-email-continues-to-plague-industries-worldwide-2/
  5. https://www.carbonblack.com/resources/threat-research/healthcare-cyber-heists-in-2019/
  6. 2019 Annual Report on the State of Cyber Security

Previous Taking advantage of the situation
Next What are the new requirements?

NOTICE: It can sometimes take awhile for comment submissions to go through, please be patient.