Cyber-attacks are on the rise and in the news consistently. The world is seeing a significant increase in cyber based threats and any type of healthcare organization continues to be a prime target.
Recent claims on Ontario based pharmacy operations have ranged from $25,000 to upwards of $1,000,000, with ransomware/cyber extortion being the primary cause of loss. Pharmacies have had to shut down for days/weeks, losing profits along with their reputation and some of their critical patient data. Pharmacies using cloud-based servers and/or contracting out their data security to Electronic Medical Record providers (EMR’s) are not immune to cyber attacks. Often the attack targets the individual pharmacy’s systems and prevents them from accessing data.
A privacy breach/cyber-attack can cause significant out- of- pocket expenses for a pharmacy, including breach forensic and legal costs, notification costs to customers/patients, data recovery costs and lost business income. In addition, patients may make a privacy breach liability claim against a pharmacy if a threat actor accessed their personally identifiable healthcare information. While this has historically been seen as a lower threat, hackers are now threatening to release patient data into the dark web should a ransom not be paid.
As part of a pharmacy’s overall risk management strategy, it is recommended that the following be considered:
Are you protected?
Develop a Cyber Incident Response Plan;
Review Contracts with IT Providers and EMR’s;
Consider Privacy Breach/Cyber Insurance;
OPA and HUB International have worked to secure competitive coverage with leading cyber insurers.
A quote can be provided in a few days with minimal underwriting questions. Also, a privacy breach/cyber policy can share a single limit over multiple locations, which is a definite benefit for multi-location pharmacy owners/groups.
