Cyber security is a global issue and systems worldwide are being continually targeted to access data and financial assets. It would appear that no system – personal or corporate – is immune from these attacks. If you are a small or medium-sized enterprise (SME), the National Cyber Security Centre (NCSC) estimates that there is around a 1 in 2 chance that you will experience a cyber security breach.
CPNI has become aware of incidents within the community pharmacy sector outside Northern Ireland where attempts have been made to interfere with the data held.
Community pharmacies hold a large volume of sensitive personal and financial data and any breach of the security systems protecting this information could be very damaging to the economic stability of the business and the welfare of patients. It may also leave contractors open to possible punitive action by the Information Commissioner’s Office under DPA and GDPR legislation, with resulting reputational damage to the individual and the profession.
CPNI has been working closely with the cyber security lead from the Police Service of Northern Ireland who has held discussions with a number of contractors here to understand the challenges that contractors face in managing their data.
There is a range of potentially vulnerable devices within the community pharmacy setting including PMR systems (which may be supported to varying levels by the supplier), and extending to routers, laptops, mobile phones and printers.
The following guidance has been issued by the police detailing five key steps that can be taken to improve cyber security in Community Pharmacy.
The step-by-step packages in the guidance cover the areas detailed below and further information can be accessed by clicking on the topic headline in the guidance:
- Backing up your data
- Protecting your organisation from malware
- Keeping your smartphones (and computer tablets) safe
- Using passwords to protect your data
- Avoiding phishing attacks
Following the relevant advice in the guidance package will significantly increase your protection against the most common types of cyber crime. The topics covered are easily understood and cost little to implement. While this guidance cannot guarantee protection from all types of cyber attack, it does demonstrate how simple steps can greatly contribute to the protection of your data, assets, and reputation.
A e-Learning programme is being developed by NICPLD and will be available early next year.
Contractors are reminded that the storage and back up of patient sensitive data and any amendments to your systems should be carried out in line with advice from your PMR system provider and in line with Data Protection legislation.