Pharmacists strive to do no harm. However, they could be unintentionally exposing patients to risk through gaps in cybersecurity and outdated technology.
Across the globe, health-care systems have become the targets of ransomware attacks—attacks where hackers gain access and essentially kidnap data and patient information to hold it hostage until a ransom is paid.
In May, a ransomware attack known as WannaCry affected more than 200,000 computers in 150 countries with victims including hospitals, banks, and telecommunications companies.
The attack crippled the National Health Service (NHS) in the United Kingdom, impacting information technology and phone systems in NHS hospitals. The computer systems had to be temporarily shut down and hospitals were forced to ask patients not to come in unless it was an emergency.
Just a month later, another ransomware strain known as NotPetya, spread even faster through computer systems across the globe.
While each attack is slightly different, experts say the key message remains the same. “We all have basically the same level of vulnerabilities if we do not do the basic type of housekeeping that we need to do around our technology and our cultures within our organizations,” said Rod Piechowski, MA, Senior Director of Health Information Systems at HIMSS, a nonprofit organization seeking to improve health through information technology.
Pharmacies at Risk
Afton Wagner, PharmD, Senior Manager of Federal Affairs and Pharmacy Initiative at HIMSS, said that although pharmacy has not traditionally been considered a stakeholder in this issue, cybersecurity should not be a foreign concept to the industry in light of the sensitive patient information and billing data pharmacies have at their fingertips. “Because of all this different access to information, pharmacy can be an attractive point of system intrusion,” she said.
U.S. hospitals are vulnerable to attack. “I don’t think there’s enough accountability and responsibility in the hospitals right now,” said Mick Coady, Health Information Privacy and Security Partner at PwC, the professional services firm. “I don’t think they’ve spent enough money through the IT budgets versus what you would see in retail or banking right now.”
For years, Coady said, hospitals have spent their budgets on patient care or medical equipment, leaving less of a budget for IT.
“You are now sitting in a place where everyone is trying to play catch up,” he said.
Up next: Educate and Maintain