Cyber attack warning a wake-up call
CYBER attacks launched by a sophisticated foreign “state-based” hacker are a wake-up call for the pharmacy sector, experts believe.
While Prime Minister, Scott Morrison, said the attacks were focused on Government and corporate organisations, Fred IT Group General Manager Managed Services, Andrew McManus, stressed the risk of being targeted by hackers was “real” for small businesses, including pharmacies.
“What we’re seeing is that small businesses are increasingly being attacked,” he said.
“The reality is that small businesses are more vulnerable than some of those [Governmental agencies and corporations], because they haven’t previously invested in cyber security, and if they have it’s been very basic.”
McManus urged pharmacy owners to take steps to ensure their computers are fit for purpose and using up-to-date software.
“We’re aware that a number of pharmacies are running old computers [and] old operating systems [like] Windows 7,” he said.
“If they’re still running Windows 7 they might as well be leaving their front-door open to be brutally honest.
“They need to get off Windows 7, they need to get onto Windows 10 and keep that up-to-date and patched.”
He added that while anti-virus software is an important tool, “it’s no longer enough”, recommending pharmacy owners consider using a 24/7 security operating centre to provide round the clock cyber surveillance, to protect data.
“We liken it to a lock on a door,” he said.
“Everyone had locks on doors 30, 40 years ago, but we now have monitored alarm systems, we have security cameras and they act as additional deterrents to criminals.
“These sorts of systems are available to pharmacies [for cyber security protection].”
Australian Digital Health Agency (ADHA) interim CEO, Bettina McMahon, echoed the call for pharmacies to ensure they are using the latest versions of software to “address known security vulnerabilities”, and advised owners to provide security awareness training to improve their knowledge of cyber risks.
With health data one of the areas reportedly targeted during the recent attacks, McMahon reminded pharmacy owners that organisations, including pharmacies, that use the My Health Record (MHR) system are required to have MHR security and access policies in place to protect data.
She added that the ADHA has a cyber security team working round the clock to monitor and respond to potential threats.
“The system is built and tested to Australian Government standards to protect the confidentiality, integrity, and availability of the health records,” she said
“Healthcare providers – including community pharmacy – take patient confidentiality very seriously. We continue to work with them to improve their resilience against cyber threats.”