2 Jul 2020
The world of cybersecurity after COVID-19 is sure to be a changed one. Although organizations will certainly see large-scale changes in policy and performance, an industry is only as secure as its smallest entities. Nowhere is this more evident than large chain and local pharmacies, where cybersecurity experts have turned a critical eye on pharmacy management. Although chains tend to have established measures in place for addressing cyber threats, smaller organizations and independent pharmacies can fall short. For smaller entities part of a chain, understanding and executing company policy is of the utmost importance, experts say. And for independent pharmacists looking to start up an organization of their own, hiring security firms with in-house IT security specialists will prove critical to a pharmacy’s success in the digital world.
High Risk…Dr. Joey Mattingly, associate professor and vice chair of Pharmaceutical Health Services Research at the University of Maryland, advises that pharmacies have more to lose than ever when it comes to protecting their data from cyberattacks: “The fallout from a data breach could be devastating and potentially ruin your business, particularly since it involves our patients’ personal health information.” As Mattingly goes on to explain, “pharmacies are already pressured with decreasing margins on pharmacy sales, so it is important that pharmacists advocate for either increased revenues for pharmacies or other financial support [such as low-interest loans and tax incentives] for technology and training investments.” And although no identifiable schemes have specifically targeted pharmacies, that only expands the risk for pharmacies to fall prey to the more mundane, nondescript scams: phishing, social engineering, BECs, and more. Employees at the local pharmacy level need to be especially cautious of these scams. Systems with strong passwords with special characters, passwords that change every 90 days, and two-factor authentication will assist their users in identifying and defusing threats to PHI, or Patient Health Information. For further guidance, experts recommend that pharmacy organizations look to other entities covered by HIPAA and the tools they employ, including virtual private networks, firewalls, and antivirus software. Making use of IT security vendors is also crucial; a third party can help your organization implement best practices and organize its responses to possible cyber crises. Vendors can also assist pharmacy owners in monitoring access controls, an increasingly important aspect of data protection. One expert suggests a pharmacy’s privacy officer set up an alert to trigger every time a high-profile patient’s record is accessed, in order to prevent unauthorized disclosure. As always, vigilance remains critical in the fight against cyber threats—employees can do their part just by using common sense to keep an eye out for potential scams. For instance, if a pharmacy receives a contact from its vendor that seems out of place, contains spelling or grammar errors, or regards something irrelevant, it’s always a good idea to check in with the vendor to ensure the contact is legitimate.
… And High RewardWhether you’re a large chain or an independent company, when it comes to IT security, you’ll want to cover all your bases. BAI Security’s IT Security Assessment goes well beyond a technical focus; it takes a 360-degree view of your organization’s processes and technology to create a comprehensive understanding of your risk posture. Our results speak for themselves: 85% of the time, regardless of prior audit, our IT Security Assessment reveals serious and previously undetected issues in new client environments, and 100% of our recently surveyed clients rate the depth and comprehensiveness of this assessment as “Excellent”. Our customizable IT Security Assessment options include:
- Vulnerability and Penetration Testing
- Extensive Firewall Evaluation
- Social Engineering Evaluation
- Antivirus Best Practices Evaluation
- Network Security Best Practices Evaluation
- Remote Location (Branch) Evaluation
- Remote Access Evaluation
- Telco-Testing/War-Dialing Evaluation
- Wireless Security Evaluation