Cyber security is a global issue and systems worldwide are being continually targeted to access data and financial assets. It would appear that no system – personal or corporate – is immune from these attacks. If you are a small or medium-sized enterprise (SME), the National Cyber Security Centre (NCSC) estimates that there is around a 1 in 2 chance that you will experience a cyber security breach.
CPNI has become aware of incidents within the community pharmacy sector outside Northern Ireland where attempts have been made to interfere with the data held.
Community pharmacies hold a large volume of sensitive personal and financial data and any breach of the security systems protecting this information could be very damaging to the economic stability of the business and the welfare of patients. It may also leave contractors open to possible punitive action by the Information Commissioner’s Office under DPA and GDPR legislation, with resulting reputational damage to the individual and the profession.
CPNI has been working closely with the cyber security lead from the Police Service of Northern Ireland who has held discussions with a number of contractors here to understand the challenges that contractors face in managing their data.
There is a range of potentially vulnerable devices within the community pharmacy setting including PMR systems (which may be supported to varying levels by the supplier), and extending to routers, laptops, mobile phones and printers.
The following guidance has been issued by the police detailing five key steps that can be taken to improve cyber security in Community Pharmacy.
The step-by-step packages in the guidance cover the areas detailed below and further information can be accessed by clicking on the topic headline in the guidance:
- Backing up your data
- Protecting your organisation from malware
- Keeping your smartphones (and computer tablets) safe
- Using passwords to protect your data
- Avoiding phishing attacks
Following the relevant advice in the guidance package will significantly increase your protection against the most common types of cyber crime. The topics covered are easily understood and cost little to implement. While this guidance cannot guarantee protection from all types of cyber attack, it does demonstrate how simple steps can greatly contribute to the protection of your data, assets, and reputation.
A e-Learning programme is being developed by NICPLD and will be available early next year.
Contractors are reminded that the storage and back up of patient sensitive data and any amendments to your systems should be carried out in line with advice from your PMR system provider and in line with Data Protection legislation.
- CPNI Contractor Update 210423E – Weekly Summary 26 Apr 2021
- Contractors will have received information from CPNI in recent weeks and months in relation to cyber security. If not already completed, you are encouraged to take a few minutes to use this helpful tool to assess your security levels and identify any required actions. Information and guidance can be found here on the CPNI website.
- CPNI CU#210331A: Cyber Action Plan 31 Mar 2021
- CPNI CU#210322A: Protect Your Business, Cyber Security: Microsoft Vulnerabilities Exploitation 22 Mar 2021
- Cyber Security: Protect Your Business 23 Feb 2021
- CPNI CU 210112A RE: Cyber Security – Community Pharmacies Reminder 12 Jan 2021
- CPNI CU 201117B RE: Cyber Security – Community Pharmacies 17 Nov 2020