Data threats: How prepared is your pharmacy?

Article

70% of small businesses that suffer a data breach go out of business within a year of the attack. Here are some strategies to keep your pharmacy strong.

A recent survey, the 2013 Verizon Data Breach Investigations Report, reported that 70% of small businesses that suffer a data breach go out of business within one year of the attack. Clearly, in a sector as competitive as retail pharmacy, data security has moved beyond the realm of IT and become a general business concern.

According to the industry research firm IBISWorld, despite profit setbacks, healthcare reform and an aging population will spur growth for the U.S. pharmacy market, the sheer size of which will make it a target for increasingly aggressive cybercriminals. In the competitive and patient-focused retail pharmacy market, this should serve as a clarion call to data defense.

An area of particular concern for pharmacies is point-of-sale (POS) systems, as recent attacks indicate that installation of malware is on the rise. This point of attack can be particularly vulnerable to unauthorized capture of payment and consumer data, more so as pharmacies increasingly employ POS data for advanced analytics and business intelligence.

See also: Electronic discovery: What every pharmacy needs to know

Defend the data

There are three principal methods of defense that pharmacy retailers would be wise to employ in mitigating the risk of data breaches.

First and foremost are the commonsense methods for prevention of unwarranted access: ensure that firewalls are in place; install and properly operate up-to-date anti-virus software; and train employees in appropriate security procedures (e.g., do not open suspicious e-mails, safeguard and change passwords frequently, and do not download files from untrusted sites). When these measures are taken and enforced, it is much more difficult for outsiders to access business data.

See also: Employees pose greatest threat to PHI security

Internal security

Second, many data security issues arise from a company’s own employees. Analysts have suggested that the increased focus on external threats may result in a lack of attention to internal ones, despite the fact that the leading causes of security incidents in the near future are expected to be employees and negligence.

It is imperative that business systems be locked down so that only those who need access to data can get it. If your pharmacy has credit card numbers or checks in a safe, ensure that only the proper personnel has access to it. The same principle holds for data security. If an employee doesn’t need access to patient records, don’t grant it to them.

 

"Killing" data

Finally, and perhaps most important, businesses can use tools such as point-to-point encryption and tokenization to make data inoperable to those who access it without authorization. This has sometimes been referred to as “killing" data.

Point-to-point encryption translates data into a form that outside parties can neither decode nor use. Similarly, tokenization is a method whereby transactional systems provide a “token” that represents a payment card number; it is still unique, but cannot be used outside the system.

A token replaces all major-brand bankcard numbers transmitted to payment processors, as well as those stored internally for house accounts. Even if a breach or theft allows a third party to acquire a transaction or house account file, the data won’t reveal a card number that can be reused.

These tools should be part of the data defense strategy for any POS or transactional system used by pharmacy businesses.

Continuous vigilance

As new regulations to help secure data are developed, the window of opportunity will shrink or close for hackers, and they can be expected to step up their activities as these regulatory deadlines approach. Ultimately, pharmacies must be vigilant, even as these laws will help boost public confidence in data security.

It’s an old saying that the way to be safe is never to be secure - something that retail pharmacies need to remember as they setup defenses to protect their own data and that of their patients in an increasingly data-driven market.

Keith Lamis senior product marketing manager, Epicor Software Corporation, a company in Austin, Texas that markets business software solutions to the manufacturing, distribution, retail and services industries.

Related Videos
fake news misinformation | Image Credit: Bits and Splits - stock.adobe.com
Related Content
Register Today: April 2024 Total Pharmacy Solutions Summit

Register Today: April 2024 Total Pharmacy Solutions Summit

April 1st 2024
Article

The can’t-miss event on April 13 features speakers and CE sessions focused on elevating patient-centric care.

Looking to the Future of Independent Pharmacy

Looking to the Future of Independent Pharmacy

July 13th 2022
Podcast

Don Arthur, RPh, discusses what lays ahead in independent pharmacy, from clinical care to success stories.

Flip The Pharmacy November Schedule & Sign-Ups

Flip The Pharmacy November Schedule & Sign-Ups

October 31st 2023
Article

Check out these can't-miss Workflow Wednesdays sessions.

Easing The Burden of Burnout With Technology

Easing The Burden of Burnout With Technology

January 31st 2022
Podcast

Lani Bertrand, RPh, joins the latest episode of Over The Counter to discuss the role of technology in easing burnout during the COVID-19 pandemic.

CPESN Names 2023 Outstanding Network Facilitator

CPESN Names 2023 Outstanding Network Facilitator

October 27th 2023
Article

The CPESN Outstanding Network Facilitator Award is sponsored by Compliant Pharmacy Alliance.

University of South Carolina Team Wins 2023 Good Neighbor Pharmacy NCPA Pruitt-Schutte Student Business Plan Competition

University of South Carolina Team Wins 2023 Good Neighbor Pharmacy NCPA Pruitt-Schutte Student Business Plan Competition

October 16th 2023
Article

The winner was announced during the 2023 NCPA Annual Convention and Expo.

© 2024 MJH Life Sciences

All rights reserved.