Protect Your Pharmacy Data and PHI From Cyber Risks

Data protection and cyber security are often overlooked by small business owners and pharmacies. Most pharmacies believe they will not fall victim to any type of malicious cyber threat. Now that most pharmacies have adopted computerized pharmacy systems, most PHI and pharmacy data is digital, making it a prime target for hackers.

Today it is essential to protect your pharmacy from outside attacks, and yes, you will be or already have been targeted by malicious actors, whether you know it or not. As pharmacy security consultants and a managed service provider, we track and monitor threats to our clients every day. In this article we will go over the top 3 threats we see in the pharmacy industry.

1. Social Engineering On The Pharmacy Staff

Social engineering is probably the most successful form of attack a cyber criminal can use. An example of this is when a scammer calls the pharmacy asking questions about the computers in the pharmacy. Usually they will say they represent Dell or Microsoft and need to get connected to install an important update. An untrained pharmacy team member may allow them to connect remotely. Once the scammer is connected, they usually try to lock down the PC by installing a virus and will not unlock it until a ransom is paid. This is also called ransomware.

Pharmacy staff are often easy targets if not trained

Remember, a reputable business like Microsoft or Dell will never call you directly to install anything. Be sure to train your staff to recognize these types of scams and report them to the businesses the callers claim to represent.

  • Microsoft Scam Report link
  • Dell Scam Report link

This form of attack is also often found in emails; however, calls to pharmacies have been happening more recently. We have seen this a lot over the past 5 years in the pharmacy industry with our clients.

2. Vishing On the Pharmacy Phone Lines

With PII (personally identifiable information) and PHI (protected health information) data becoming more and more valuable each day, the number of scam attempts to obtain this data increases. A common threat we see is scammers hijacking the pharmacy's actual telephone number and using it to call patients to obtain PII and PHI. Usually they use this information for identity theft.

Everyone has caller ID on their cell phones now, and if you can spoof the caller ID to a legitimate business, you gain most people's trust. This is a very difficult attack to prevent since your phone number is usually hosted by your phone company.

When this does happen to your business, the best and only option is to spread awareness about the scam. Notify your patients on social media, in store and by text message about the attack, and tell them not to disclose any information on the phone. Ask your patients to hang up and call the pharmacy back directly if they receive a suspicious call.

If you believe your pharmacy has been targeted with a Vishing attack you can contact us and also report this abuse to the FCC here. Be sure to follow directions for “Your Number Is Being Spoofed” on the FCC page.

3. Pharmacy Websites Hacked and Spam

This type of attack happens to most pharmacy websites; however, most attempts are not successful. Usually the hacker uses a brute force method, trying common username and password combinations until they finally get in. Although it’s rare, most pharmacy websites still have default “admin” or common passwords associated with their websites.

You can often spot successful attacks when a pharmacy is promoting Viagra or Cialis more than normal and has links promoting other sites. These hackers are trying to promote other online pharmacy websites and raise their search engine ranking by having links to their pages on other pharmacy websites.
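One way to check a saved copy of a web page for the injected links described above, as an added example that is not ConfigRX's own tooling. The function names, the sample page and the domain `mainstreetpharmacy.example` are constructed for illustration, and the keyword list covers only the two drug names mentioned in this article.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

SPAM_WORDS = ("viagra", "cialis")  # drug names the article says injected spam promotes

class LinkCollector(HTMLParser):
    """Collect [href, anchor_text] for every <a href=...> on a page."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._open = None  # link whose anchor text is currently being read

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            self._open = [href, ""]
            self.links.append(self._open)

    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data

    def handle_endtag(self, tag):
        if tag == "a":
            self._open = None

def is_external(href, own_domain):
    """True if href names a host other than own_domain or one of its subdomains."""
    host = (urlparse(href).hostname or "").lower()
    # An empty host means a relative link, mailto:, tel: or #fragment.
    return bool(host) and host != own_domain and not host.endswith("." + own_domain)

def find_spam_links(html, own_domain):
    """Return (href, text) for external links whose URL or text has a spam keyword."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    hits = []
    for href, text in parser.links:
        haystack = (href + " " + text).lower()
        if is_external(href, own_domain) and any(w in haystack for w in SPAM_WORDS):
            hits.append((href, " ".join(text.split())))
    return hits

# Constructed sample page: two legitimate links, two injected ones in a hidden block.
SAMPLE_PAGE = """<p>Refill at <a href="/refills">our refill page</a>.</p>
<p><a href="https://www.fda.gov/drugs">FDA drug information</a></p>
<div style="display:none"><a href="http://cheap-meds.example/buy-viagra">best price</a>
<a href="http://rx-deals.example/">Cialis   online</a></div>"""
```

Calling `find_spam_links(SAMPLE_PAGE, "mainstreetpharmacy.example")` returns the two injected links and leaves the refill and FDA links alone; any hit on a real page deserves a manual look, since a pharmacy may legitimately link to drug information.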

ConfigRX is also a pharmacy website designer, and we block thousands of these attacks every day. We see many attempts with the login name “admin” or “administrator” or even the name of the pharmacy. We recommend 2-factor authentication for all your website users. If you think your website has been hacked, feel free to contact us and we can purge the malware on your site.

Pharmacy Cyber Security and Managed Services

We invite you to check out our Pharmacy Managed IT services. We developed this service to help pharmacy owners stay on top of their IT and cyber security threats. We actively monitor and manage your pharmacy's IT infrastructure and hardware. Our managed services include cyber security, anti-virus and remote monitoring of devices. This service also comes with on-call IT support and pharmacy-specific IT consulting. If you have additional questions or concerns about cyber security, please don’t hesitate to contact us.