Ransomware attacks targeting health systems, hospitals, and other institutions are on the rise, so this should serve as a warning to pharmacists for heightened awareness that their systems, too, can fall prey to cyberattacks. And pharmacists need to take proactive steps to prevent attack and mitigate impact.

While pharmacies have not been targeted yet, they are nonetheless vulnerable, given that pharmacy-management systems are technology driven. Pharmacies are experiencing exponential adoption of technologies to service and support their day-to-day activities. Furthermore, many pharmacies offer technology-dependent services such as MTM and walk-in clinics, where patients are seen and then prescribed medications—often filled immediately at the pharmacy. These services open an additional gateway for hackers to infiltrate the technologies and cause havoc, not only with pharmacy operations, but possibly by disrupting patient care.  
According to a recent American Society of Hospital Pharmacists (ASHP) Intersections article about health system cyberattacks, “Pharmacy operations are increasingly reliant on technology and automation, which both raises the risk of an attack and heightens the likelihood that attacks may have an impact on patients’ health,” said Barbara Giacomelli, PharmD, MBA, FASHP, area vice president, McKesson Pharmacy Optimization. Additionally, attacks where hackers prevented healthcare providers and administrators from accessing medical records were just the beginning of activities that might eventually trickle down to the pharmacy. The article also pointed out that cyberattacks, such as the “WannaCry” ransomware attack in May 2017, crippled systems and caused disruptions to patient care.
So how do pharmacists best prepare to avoid and mitigate cyberattacks in the pharmacy? Simple, common-sense steps can be taken, such as ensuring that every technology system has been thoroughly reviewed by information technology and security experts for any potential vulnerability to attack; making sure that antimalware software is always up to date; securing pharmacy staff access to systems by employing a multifactor verification processes; limiting access to data based on individual pharmacy staff roles; never using computers for anything other than day-to-day pharmacy operations; and never opening a link or an attachment embedded within an email from an unknown source. The latter is the most important, and simple, step to minimize a phishing attack in a pharmacy.

In addition, access to vulnerable entry points in the pharmacy system should be strictly controlled, with access to every entry point documented. Finally, deploying a crisis team facilitates instant communication between healthcare systems, pharmacies, and pharmacy chains during an attack for instant sharing of critical information.

« Click here to return to Technology Update.