Community pharmacists are vulnerable to security threats, resulting in bad outcomes for both patients and pharmacies. Here’s how to evaluate risk and find the right technology partner to help protect and defend you from cybercriminals.
The threats to community pharmacists are many, such as discount cash cards eating into business. But one often overlooked threat is getting hacked. In 2021, nearly 50 million patient records were compromised according to incidents reported to the federal government.1
Health care data are particularly at risk because these data are more valuable on the black market.2 Whereas the value of a social security number is about 53 cents, the value of just one health record is a whopping $250 because it includes personal details rather than just a credit card number.
And yet, pharmacies store both health care and financial data, making advanced security protections even more important. Community pharmacies are seen as relatively soft targets for nefarious players seeking access to patient health care data.
Breaches are very bad for your patients, but they impact your business as well, by taking your systems offline, disrupting care, adding costs for fixes, ruining your pharmacy’s reputation, and even opening up the potential for lawsuits. Just because you are not part of a large health care system or chain does not exclude you from being a target.
But there are things you can do right now to take steps to improve security. Start by evaluating your vendors.
Three questions to ask when evaluating a technology partner
Vendors are cited as the reason for breaches more often than the pharmacy itself. For example, in February 2021, the Kroger Co. had a breach affecting 3.82 million pharmacy customers and employees – the result of vulnerabilities in their vendor’s file transfer service.3
Even if you are a small independent pharmacy, cybercriminals are interested in your data. Many small and medium-sized community pharmacies have been breached through company email accounts, unsecure servers, and ransomware attacks.
And yet, pharmacies need vendors for reliable services. So, the first step is to review all vendor agreements. What data are being shared and how are the data being used? Choose a vendor who is natively health care-focused, and don’t cobble too many vendors together to create a solution.
All in all, there are 3 big questions you need to ask your current and potential vendors about their technology:
Privacy and security: What to ask your vendor
A vendor who is focused on health care data should be able to properly protect and defend your sensitive digital assets. Here are some questions to ask of a potential vendor to ensure privacy and security.
Process and experience
Education and training
Scalable and flexible: What to ask your vendor
Your business needs to change along with the market and your customers’ needs. Your software must keep up. Look for a vendor who offers scalability and flexibility, meaning the system can increase or decrease in performance and cost in response to changes in application and system processing demands. Here’s what to ask a potential vendor:
Feedback and enhancements
Process and updates
Interoperability: What is it and what to ask your vendor
Interoperability refers to the capability of different solutions to communicate with one another freely and easily. Systems that are interoperable exchange information in real-time, without the need for specialized IT support or behind-the-scenes administrative work.
That makes for secure, more efficient, and coordinated care for your patients. Here’s what to ask of a potential vendor:
Definitions and capabilities
Costs and monetization
Blockchain is a pharmacy-friendly solution for managing risk
As a secure, distributed ledger that tracks transactions over time while protecting those transactions, blockchain streamlines complicated processes while protecting them from tampering. Blockchain offers control over information, with trust built in that the information is accurate.
Blockchain can improve privacy and confidentiality, enhance patient safety, and provide a higher level of clinical care to consumers. Because of a few unique features, blockchain may be a solution for your pharmacy:
Bottom line: Don’t neglect security fundamentals and find a technology partner who can protect your patients’ data while helping your business grow.
About the Author
Paige Clark, RPh, is the VP of Pharmacy Programs and Policy at Prescryptive, overseeing the company’s policy work to drive awareness, utilization, and scope of trusted independent pharmacists nationally. Prior to Prescryptive, Paige spent 11 years at Oregon State University's College of Pharmacy, driving policy initiatives for the state’s licensed pharmacists, including the prescribing of birth control and tobacco cessation services. Paige also worked as the Staff Pharmacist Consultant for the Oregon Board of Pharmacy, managing rule writing, legislative endeavors, and regional and national policy work. She is a frequent speaker and presenter at national industry conferences and a multi-award winner, including several Pharmacist of the Year recognitions.