10 ways pharmacies fall victim to cyber criminals

Technology expert shares tips on how to protect yourself

Training staff to prevent cyber attacks is essential for pharmacies, says MedAdvisor chief technology officer Dr David Chatterton.


As small businesses, pharmacies often don’t have access to proper IT support, he says. It’s very hard to gain back trust once a breach has occurred.

Here are 10 tips based on incidents in pharmacies:

  1. Staff should be trained to avoid using pharmacy computers for personal email and web searches.
  2. Update to Windows 10. Windows XP is not secure and no longer supported by Microsoft. Without an upgrade, pharmacies leave themselves more vulnerable to malware programs and hackers. Cyber criminals are taking advantage of old operating systems used by healthcare providers to install malware to encrypt data. They then demand a ransom be paid in Bitcoin to unlock it.
  3. Set up computers to automatically lock when not in use. Some pharmacies are lulled into a false sense of security because computers are behind the counter, but people have been caught sneaking into the dispensary area.
  4. Invest in antivirus and anti-malware software on all computers in the pharmacy.
  5. Ensure automatic updates are enabled, but be aware that some require the computer to be rebooted for the changes to apply.
  6. Don’t take email communications at face value. Always check the sender information and any links to make sure they are legitimate. Some crooks use LinkedIn or other sources to find the names of people to impersonate.
  7. Ideally, enable encryption (BitLocker) on the computer so that, if it’s stolen, sensitive data remains protected. It’s easiest to do this when the computer is being built. Be sure to keep the keys safe.
  8. Make sure passwords are easy to remember but hard to guess. For example, use the first letter of each word in a favourite song with a long title. The longer the password the better. There are software programs to help manage lots of passwords.
  9. Keep the information collected from patients, with their consent, to only what you need. Delete information after 12 months if you have not used it.
  10. Be alert. Pharmacists have fallen victim to people who illegally request information about another patient, for example a spouse during a divorce.
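
Several of these tips (2, 3, 4, 5 and 7) can be checked on a Windows computer in a few seconds. The script below is an added example, not something supplied by Dr Chatterton or MedAdvisor; it only reads settings, and the choice of which settings stand in for each tip is an assumption made for this illustration.

```powershell
# Added example: read-only check of one Windows PC against tips 2, 3, 4, 5 and 7.
# Run from an elevated PowerShell prompt; nothing here changes a setting.
$r = [ordered]@{}

# Tip 2: Windows 10 and later report a major version of 10.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$r['Operating system'] = $os.Caption
$r['Windows 10 or later'] = ([version]$os.Version).Major -ge 10

# Tip 3: automatic lock, either by machine policy or by the user's secure screen saver.
$pol = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
$dsk = Get-ItemProperty 'HKCU:\Control Panel\Desktop' -ErrorAction SilentlyContinue
$byPolicy = [int]$pol.InactivityTimeoutSecs -gt 0
$bySaver  = $dsk.ScreenSaveActive -eq '1' -and $dsk.ScreenSaverIsSecure -eq '1' -and [int]$dsk.ScreenSaveTimeOut -gt 0
$r['Locks automatically when idle'] = $byPolicy -or $bySaver

# Tip 4: built-in antivirus status. A third-party product may report Defender as off.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    $r['Defender real-time protection'] = $mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled
    $r['Signatures last updated'] = $mp.AntivirusSignatureLastUpdated
} catch {
    $r['Defender real-time protection'] = 'Not available (check third-party antivirus)'
}

# Tip 5: updates not switched off by policy, and no installed update still waiting for a reboot.
$au = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' -ErrorAction SilentlyContinue
$r['Automatic updates disabled by policy'] = $au.NoAutoUpdate -eq 1
$r['Reboot pending for updates'] = Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'

# Tip 7: BitLocker on the system drive, and a recovery password to keep somewhere safe.
try {
    $bl = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    $r['BitLocker protection on'] = $bl.ProtectionStatus -eq 'On'
    $r['Recovery password protector present'] = @($bl.KeyProtector.KeyProtectorType) -contains 'RecoveryPassword'
} catch {
    $r['BitLocker protection on'] = 'Could not query (needs admin and a BitLocker-capable edition)'
}

$r.GetEnumerator() | Format-Table -Property Name, Value -AutoSize
```

A "Reboot pending" result of True is the situation tip 5 describes: the update is installed but not yet applied.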