With the busiest week of the pharmacy year – and single busiest day, Christmas Eve – racing towards us, it is important to stay alert to the risks of cybercrime. For while you might like a little fishing on your holidays, you don’t want to become a victim of “phishing”, which is how cyber-criminals attempt to lure you into giving over your personal information.

Stay alert for phishing

In Australia, 90% of cyber-attacks in 2019 started with a phishing email*, although phishing can also come as texts and phone calls. These are fake contacts posing as communication from a real organisation. They look and sound the part, but are attempting to collect your personal information, including financial details and health information, to sell on to others.

Whilst phishing might sound like the stuff of shopping online late at night, your pharmacy is also a real target of cybercrime as are all health providers. In Australia, the health sector reported more data breaches than any other sector in 2019, with health service providers reporting 105 of the total 289 data breaches (36%)** in the first half of the year. This was ahead of finance which had 69 breaches (24%), legal, accounting and management services with 47 (16%), education with 42 (14.5%) and retail with 26 (9%).

It might not happen today, or tomorrow, but it will happen.

The busier you are, the more likely it is that you will miss the signs of phishing, which is why it is vital that you stay alert throughout the festive season.

Phishing is perhaps the form of cybercrime that pharmacy is most vulnerable to precisely because it crosses between work and private worlds. Communication from vendors and suppliers is part of the bread and butter of pharmacy life, and therefore the risk of a phishing email is always there. But the risks also apply if you or your team use a work computer or smart phone on your pharmacy network to browse and shop online. A quick browse and click can pose immediate security concerns for your network.

Cyber criminals are attempting to trick people into visiting websites that look real so that they can collect your private information and logins (such as banking, ecommerce, emails, social media and other sources) to sell to others. The risks are higher throughout the festive season as online shopping soars.

Nobody wants identity theft or a data hacking for Christmas. Follow these principles:

  • Never click on the link. Unless you are absolutely sure that the website or email or text is from the real organisation – do not click on the link. Navigate to the website rather than clicking.
  • Think about whether you or your pharmacy has placed a recent order with this company. Does the email address or communication look real?
  • Hover your mouse over the link to see whether the website address is correct. Does it match the real organisation’s website? Look for slight differences such as one or two additional letters or numbers or an unexpected hyphen.
  • Look for signs that the email address or logo is not quite right or that the text has spelling errors or other details such as incorrect grammar.
  • A credible organisation will never, ever ask for your personal, financial or health information by text or email.
  • Seek advice from Fred if you would like to find out more.

If you think you have been affected by a phishing attack:

  1. Contact the real organisation immediately;
  2. Seek their assistance to change your password or reclaim the account if the hacker has changed the password;
  3. Look for unusual activity against your account;
  4. Depending on the account, you might want to alert others who may expect communication from you.


If you think you have had a cyber-security breach:

  1. Shut down your computer or laptop and disconnect it from the network to prevent any spread.
  2. Contact your IT provider immediately for advice and assistance.
  3. Remember that pharmacies are required to report any breaches under the Notifiable Data Breaches Scheme.

Where to get advice:

Protect your pharmacy and personal information throughout this busy season. Keep an eye out for our Fred updates on cyber-security.

Contact me about protecting my pharmacy from cybercrime
* 2019 Annual Report on the State of Cyber Security
** Refer to the Notifiable Data Breaches Statistics Reports for the periods 1 January to 31 March 2019 and 1 April to 30 June 2019 which can be found here.