The recent Optus data breach has thrust cyber security back into the national spotlight, with the impact devastating for both Optus and their customers. Even a few weeks on, it is far from over, and the consequences are likely to see Australian laws surrounding a data breach strengthened and fines increased.
Yet whilst the scale of this breach was unprecedented, it was only one amongst many, with breaches since involving MyDeal (Woolworths), Medibank and Costa Group. Further, the NAB have reported receiving over 50 million attacks each month!
It is a timely reminder of the serious impact a data breach can have and that all businesses must do better in protecting customer data. Home Affairs Minister Clare O’Neil recently stated the Medibank breach had the potential to result in more serious harm to customers than Optus due to the nature of the health information stolen. This positions pharmacies at the same elevated risk.
Looking at the impacted companies, you would be forgiven for thinking it is a big business problem. The reality is that these are simply the ones that make the news. While many cyber incidents go unreported, various expert bodies estimate that up to 50% of all attacks are against small business. The technology to execute such an attack is freely available, making it quite easy for anyone to be a cybercriminal. In fact, there are well-run businesses making money out of providing cybercrime services, going as far as to offer tools, support, and advice on how best to maximise financial return.
Everyone is at risk. Anyone or any business connected to the internet is a target. There is simply too much money to make.
Every day we see alerts of pharmacy networks being scanned for vulnerabilities. Thousands of scans are running all day, every day looking for that one little opening to get into your network. And unfortunately, over the last month we have seen successful attacks on pharmacies increase.
If you have not yet invested in cyber security measures to protect your business and patient data, you must do so now. You are being targeted even if you do not realise it!
The main ways Fred sees a pharmacy fall victim include:
When you fall victim to a cyber attack, the impacts can be devastating financially and reputationally, and can be long lasting. Depending on the type and scale they can include:
Once data is breached and there is a risk of harm to those impacted, it is mandatory for pharmacies to report the breach to the Office of the Australian Information Commissioner as part of the Notifiable Data Breach Scheme, and inform all customers whose data was compromised.
These laws (which all pharmacies are subject to) are also being strengthened. Penalties for serious or repeated privacy breaches are now increasing from $2.2 million to $50 million, three times the value of any benefit obtained through the misuse of information, or 30% of a company’s adjusted turnover in the relevant period.
There is no more time to waste. The risk is real, and the consequences are significant. As we have seen with the Optus breach, customers and the Government will not tolerate unprotected private and confidential data.