Importance of Cyber Security

Cyber-attacks are on the rise and in the news consistently. The world is seeing a significant increase in cyber based threats and any type of healthcare organization continues to be a prime target. 

Recent claims on Ontario based pharmacy operations have ranged from $25,000 to upwards of $1,000,000, with ransomware/cyber extortion being the primary cause of loss. Pharmacies have had to shut down for days/weeks, losing profits along with their reputation and some of their critical patient data. Pharmacies using cloud-based servers and/or contracting out their data security to Electronic Medical Record providers (EMR’s) are not immune to cyber attacks. Often the attack targets the individual pharmacy’s systems and prevents them from accessing data. 

A privacy breach/cyber-attack can cause significant out- of- pocket expenses for a pharmacy, including breach forensic and legal costs, notification costs to customers/patients, data recovery costs and lost business income. In addition, patients may make a privacy breach liability claim against a pharmacy if a threat actor accessed their personally identifiable healthcare information. While this has historically been seen as a lower threat, hackers are now threatening to release patient data into the dark web should a ransom not be paid.

As part of a pharmacy’s overall risk management strategy, it is recommended that the following be considered: 

Are you protected?

Develop a Cyber Incident Response Plan;

  • If a cyber-attack were to occur, is there a breach coach or breach forensic firm to contact to determine what has happened?
  • Are there updated backups of stored data to avoid costly data reconstruction? 
  • Take time to train and educate staff on what steps to take should a breach occur, and implement a cyber response plan so that staff (and if necessary) patients can be contacted quickly.

Review Contracts with IT Providers and EMR’s; 

  • What is their cyber incident response plan?
  • Does the contract have conditions to protect the pharmacy in the event of a breach?  
  • Specific attention should be paid to the indemnification clauses in the contract.

Consider Privacy Breach/Cyber Insurance;

  • A stand-alone broad form cyber insurance policy provides a pharmacy access to the breach forensic and legal experts right at the outset of an incident. It helps the pharmacy navigate the process, while at the same time providing coverage for the out-of-pocket costs and potential liability claims that arise as part of a breach. 

OPA and HUB International have worked to secure competitive coverage with leading cyber insurers.   

 

A quote can be provided in a few days with minimal underwriting questions. Also, a privacy breach/cyber policy can share a single limit over multiple locations, which is a definite benefit for multi-location pharmacy owners/groups. 

Please contact the OPA HUB team at [email protected] or 1-855-672-7672 to discuss what privacy breach/cyber insurance options would be best for your pharmacy operation.