Independent Pharmacies Must Prioritize Cybersecurity
Brian Rakers, senior vice president of distribution and member support at Pharmacists Mutual Insurance Group, talked cybersecurity during a session at AAP 2024.
With the ever increasing reliance on digital technology in today’s world, cybersecurity has become a topic of extreme importance. Cyberattacks are now more commonplace in multiple industries, and the health care sector is no exception. According to the US Department of Health and Human Services, there were 707 health care data breaches in 2022 alone, which exposed over 51 million patient records.1 For independent pharmacies, protecting patient privacy is crucial, which is why both pharmacists and pharmacy owners need to become familiar with cybersecurity best practices.
Cybersecurity is crucial for independent pharmacies / leowolfert - stock.adobe.com
In a session titled “Cyber Liability: Risks, Ransoms, & Remedies” at the American Associated Pharmacies (AAP) Annual Conference, held April 4 to 6 in San Diego, California, Brian Rakers, senior vice president of distribution and member support at Pharmacists Mutual Insurance Group, discussed practical risk management techniques to prevent cyber liability claims, how to identify areas of potential data exposure, and how to protect against likely cyberthreats.2
“Today [is a] challenging time,” Rakers said. “All pharmacists are facing inflation…increased costs, reduced reimbursements. We have supply chain challenges. What type of drugs [can we get]? Are we able to keep them in stock? Are vendors able to supply them…As pharmacists, you're also running your organization. You're the CEO of your small business. Understanding cash flow, understanding operational aspects of staffing, are all important. [P]robably the least of your worries and challenges is the cyber liability threat…But do we understand what that means for our small business and how we can impact and mitigate those challenges?”
READ MORE: Understanding Deceptive PBM Practices
Cyberattacks can take many forms, but some of the most common include malware, phishing, and denial of access. Phishing is one of the most frequently used forms of cyberattack. It entails sending a scam email or text message that contains a link to a malicious website, which tricks people into providing sensitive data. Hackers, who are commonly referred to as bad actors in the cybersecurity field, use these various tactics to get into a company’s system in an effort to gain access to data, such as patient records or financial information. They can then use this data as leverage for a ransom or just as a means to cause disruption and chaos to an organization.
“Unfortunately, in today's world, there's a lot of smart people out there doing a lot of great things,” Rakers said. “But there's also a lot of smart people that are doing bad things with the knowledge that they have.”
Although cyberattacks on larger companies—such as the recent attack on Change Healthcare and UnitedHealth that resulted in the organization paying a $22 million ransom—by far get the most attention, the majority of cyberattacks that occur on a more daily basis happen to small businesses. This is likely because smaller businesses do not have at their disposal the tools or resources that larger corporations have. Rakers said that to defend against cyberattacks, small companies need to make sure their team is trained in cybersecurity best practices and that it’s also important to keep all software and systems up to date.
If your independent pharmacy does fall victim to a cyberattack, the financial impact may seem like the biggest concern. However, Rakers said that the inability to access your system and take care of your patients will take the largest toll on your day-to-day business. Additionally, patients and customers in your community may no longer trust that it’s safe to do business with you and this will negatively affect your bottom line.
“Your team is going to be working to get you back online and active into serving your patients,” Rakers said. “And unfortunately, it could impact your business's potential to survive and continue to move forward, given all of the challenges that you’re facing. It's important to remember any data that you collect and that comes through your system, it becomes yours. You're responsible for who gets access to it, and what protocols and cybersecurity safety measures you put in place within your team, or how you partner with your IT professionals to set that up.”
Rakers discussed several of the ways that independent pharmacies can protect themselves from cyberthreats. Since the vast majority of security breaches are caused by human error, employee education and training is critical. Working with an IT professional to create tests for your employees, as well as having your team take cybersecurity assessments, are some good ways to make sure they are well prepared. The last line of defense, according to Rakers, is to utilize an insurance company.
“What do you do when you suffer a cyber loss? The first thing I would say is to help limit the damage, notify your insurance company and file a claim,” Rakers said. “It's always a recommendation… [to] notify the professionals and get them involved. Preserve the evidence. Don't throw any of the computers away. Get help from the experts. When you invoke your insurance policy by filing a claim, they're going to bring a team of professionals on to help you, including attorneys, legal advisors, the forensics teams, to help you with the customer notification and helping you with any PR or communications for your local communities.”
Click here to see all of our AAP 2024 coverage.
