Cyber Attacks on Community Pharmacies: Are you Prepared?

Find out how McLernons can help you protect your business from malicious software by improving your cyber security…

What is Cyber Security?

Cyber security is the protection of devices, services and networks and the information on them from theft or damage. It’s essential for providing effective care, protecting your patients and maintaining their trust in the pharmaceutical services you provide.

Richard Horne, Head of GCHQ’s National Cyber Security Centre (NCSC) issued the NCSC Annual Review in December 2024 and said, “What has struck me more forcefully than anything else is the clearly widening gap between the exposure and threat we face, and the defences that are in place to protect us. And what is equally clear to me is that we all need to increase the pace we are working at to keep ahead of our adversaries.”

“There is no room for complacency about the severity of state-led threats or the volume of the threat posed by cyber criminals. The defence and resilience of critical infrastructure, supply chains, the public sector and our wider economy must improve.

“In the past year, we have seen crippling attacks ag ainst institutions that have brought home the true price tag of cyber incidents.

“The attack against Synnovis showed us how dependent we are on technology for accessing our health services.”

The NHS in England suffered months of disruption in 2024 after Synnovis, a London-based provider of pathology services, was hit by a ransomware attack in June. The attack, claimed by the Qilin ransomware group, left patients unable to get blood tests from their doctors for more than three months, and led to the cancellation of thousands of outpatient appointments and more than 1,700 surgical procedures.

Meanwhile in the US, the number of cyber attacks on the healthcare sector have doubled in the last two years.

Anne Neuberger, the US deputy national security advisor for cyber and emerging technology, highlighted the growing problem of ransomware in the healthcare industry and pointed out how healthcare data is increasingly being traded on the dark web, “with the opportunity to blackmail individuals.”

The proposals follow several high-profile data breaches in the sector, exposing the data of hundreds of millions of Americans and disrupting treatment. In February 2024, a ransomware attack on UnitedHealth subsidiary Change Healthcare reportedly exposed the personal data of more than 100 million people and paused pharmacy services and billing.

The company’s handling of the hack — which is believed to have been caused by a breach of a basic user account which did not use multi-factorial authentication (MFA) was criticized by Americans who couldn’t get their medications filled or hospital stays approved, affected healthcare providers who were going broke as a result of the cyberattack,

In May 2024, healthcare provider Ascension was hit with a cyberattack that brought down the IT systems at many of its hospitals, in some cases forcing doctors to use pen-and-paper records.

So what can you do?

YOU are the First Line of Defence

Pharmacists are particularly vulnerable to cyber-attack, and the devastating consequences that it could have on your business and your patients. Your IT systems are at the very heart of the way that you work, holding confidential patient details and dispensing histories and essential business information.

An attack could halt your business operations and severely damage your reputation, not to mention incurring potential fines from the Information Commissioner. While McLernons can advise and provide information the responsibility for cyber security ultimately rests with you. We can provide cloud backups of your pharmacy data so that it can be restored, but we are not responsible for putting in place the measures needed to protect it from cyber-attack. There are a number of measures which we recommend but it is up to the individual contractor to decide on these and implement them.

Failing to secure your systems can result in GDPR fines of up to £20 million or 4% of your global turnover. Setting aside any GDPR consequences, the loss of reputation will have huge consequences for your business. And should you be the target of a cyberattack you may be asked to pay a ransom to have your data returned to you.

Boost your cyber defences with these measures…

Hardware Firewall

Used to provide overall network security. Allows you to have a number of separate networks, so that systems such as your dispensing system can be isolated from all other networked devices, including card payment units, CCTV systems, personal staff devices etc. Firewalls will also be configured to restrict access to potentially malicious websites or specific website ‘categories’.

Office 365

This gives you the various Office applications and a secure business email account. Using Hotmail, Google and other generic email addresses vastly increases your exposure to a possible cyber security attack. This can be augmented by the use of an additional email gateway defence system, such as Proofpoint Essentials, which can isolate and quarantine suspicious emails, or block emails from previously identified suspicious addresses.

Strong Password Tactics

When we are upgrading old systems, we strongly recommend that our customers choose a new, robust password. Restrict access according to staff roles to protect patient data and comply with GDPR.

What McLernons currently manage for our customers

Data Back Up and Disaster Recovery

McLernons have implemented what we believe to be the most comprehensive back up and recovery solution. Cove Data Protection offers hourly MPS and MPS Retail back ups – giving you 24/7 peace of mind in the event of system failure, ransomware attack or natural disaster – and it also backs up all of your personal files and folders to a secure cloud repository.

Upgraded and Enhanced Virus Protection

We have rolled out what we believe is the best available EPDR (Endpoint Protection, Detection and Response) , which uses Artificial Intelligence to scan and classify potential threats. This contrasts with legacy AntiVirus which only recognises existing known threats. This service is provided by WatchGuard

In the month of December, our EPDR programme monitored over 4.5 million interactions and detected and blocked 6573 intrusion attempts on almost 6000 McLernons’ customers’ systems that it protects.

Managing Windows Updates

We manage your Windows updates, providing patches for all supported devices. Windows 7 has been ‘end of life’ since 2020 and Windows 10 ‘end of life’ is October 2025. We are working hard on your behalf to upgrade your hardware and protect your data, your patients and your businesses.

Elevate your IT Security

As your Pharmacy IT systems partner we are here to support you. We can help, advise and recommend steps that you should take to minimise the risk but ultimately the responsibility vests in you.

There are many layers of security that you overlay on your IT systems but these won’t prevent them from being hacked down the line if software is not updated, and the basics of cyber security are ignored.

As a bare minimum, we recommend that all pharmacies have a robust firewall, a proven back-up system and have upgraded their hardware from obsolete and out-of-date systems, such as Windows 7 machines. If you have any queries, please do not hesitate to contact us on ITSecurity@mclernons.ie