Cyber security has implications for all areas of your business. 

The health sector remains the highest reporting industry sector, notifying 15% of all breaches (1).

Nobody wants a data breach – or the serious financial, reputational and operational implications for pharmacies and health care providers that come as a result.

This checklist is designed to help you keep security on your radar and to think about your cyber risk in the same way that you do with other potential risks to your business.

The following questions point to some of the common areas of cyber vulnerability that may arise around people, processes and technology.

1. Your people
2. Your processes
3. Your technology

1. Your people

This is where many cyber risks can slip through.

Your staff are experts in their areas of dispensing, customer service and retail. But they might not be cyber security gurus.

Currently, 26% of reported data breaches occur as a result of human error (1). Of the cyber attacks that go unreported, the majority, as many as 90%, result from human error.

Importantly, risk keeps evolving as cyber criminals seek new points of vulnerability. This means that your staff training should not be a one-off.

  • Have all your staff and locums been trained in cyber security? Do they understand the risks and what to look for?
  • Would they recognise a phishing email or business scam? Do they know how to avoid downloading ransomware?
  • Do you provide refresher training to prepare staff for new points of vulnerability?
    The end-of-life of Windows 7 support is an example of a potential vulnerability; busy dispensing periods might be another.

2. Your processes

A cyber security policy is essential.

Like other policies, cyber security policies and processes should be documented and visible, with quick reference guides and clear advice on what you expect from staff. For example:

  • Have you documented what to do if there is a problem?
  • Have you provided written advice on the digital behaviours that you expect from staff?
  • Do you want staff to access private emails and social media on work computers? Or to connect personal devices such as phones and tablets to your network? What about plugging in USBs?
  • Do you allow members of the public to connect to your Wi-Fi?
  • Have you got cyber security checklists in place for when people start or finish working with your pharmacy?
    This helps to ensure that emails, passwords and other important access information don’t accidentally leave your pharmacy.

3. Your technology

Make sure that your systems and technology are as secure as possible.

Malicious or criminal attacks remain the leading source of breaches, accounting for 70% of the total breaches. This is an increase from 55% in 2021.

The following are important points to think about in preventing disruption to your business:

  • Do your cyber security arrangements cover all devices that connect to the internet?
    Security cameras, smart TVs, fridges, multi-media and music services and other Internet of Things (IoT) devices are often exposed directly to the internet (i.e. cyber criminals can easily see them using scanning tools) and don’t have the same level of security as your PCs and servers. These devices are at a significantly higher risk and can potentially open up security vulnerabilities without you even knowing that these have occurred. We strongly recommend you contact the device manufacturers and ensure the devices are patched and up to date and, if possible, that ports are locked down.
  • Do you have a firewall and antivirus software on every computer?
  • Do you have a system to detect breaches in situations where a traditional solution such as antivirus software will not be sufficient?
  • Is your operating system able to cope with contemporary cyber security needs?
    The most recent operating systems provide the most rigorous security protections, so making sure that your operating system is up to date is fundamental to protecting your cyber security.
  • Do you conduct regular backups?
  • Do you act on software updates as soon as possible?
    Operating system updates and security updates are a vital part of staying as secure as possible. This means avoiding operating systems that have become out of date (such as Windows 7).
  • Have you thought about whether staff dial in from off-site using unauthorised programs (such as Remote Desktop Protocols)? Make sure that you factor these into your security plans.

(1) Notifiable data breaches publications | OAIC

If this checklist has raised any concerns for your pharmacy, please contact us to request a Fred team member to call you to discuss cyber security in your pharmacy.