In light of a huge increase in the number of cyber attacks on Irish businesses and organisations, such as the recent one on the Cork Campus of Munster Technological University, we thought we would tell our customers how we are helping them to best protect the security and integrity of their pharmacy IT systems.  You are the controller of your patient data – including health and other personal data- and you are ultimately responsible for maintaining your patient records in a safe and secure manner, yet we know that cyber security is not your primary remit and is highly unlikely to have formed part of your pharmacy degree!

As a result, we are constantly looking to find ways to help you protect your pharmacy and other IT systems from cyber attack, something that is becoming increasingly more likely. Lately both the  National Cyber Security Centre and Garda National Cyber Crime Bureau took the step of specifically warning small and medium business owners of the increased threat of ransomware.

This highlights a change in the tactics of cyber criminals who had typically focused on larger organisations. healthcare groups are regularly targeted by cybercriminals, as the sensitive nature of the data makes them prime targets for hackers.

If an attack were to happen to your pharmacy systems the consequences might be catastrophic – not only would you be unable to run your business, but the loss of reputation and possible fines from The Data Protection Commissioner /information Commissioner in NI would be immense.

Two reasons have been suggested for this change. The first is that bigger organisations tend to be better protected and are less likely to pay a ransom. The second is that some of the ransomware gangs became victims of their own success and attracted the attention of law enforcement which forced them to fracture. That in turn has led to a proliferation of what might be termed freelance cybercriminals who do not have the resources to take on big organisations and are searching for easier pickings among smaller companies.

It has been acknowledged worldwide that hackers prioritise health care providers in order to incapacitate systems, infect and encrypt data and seek ransom payments.

Over 18 months ago we decided to change the type of antivirus that we provided to our customers, in an effort to ensure that your IT systems are protected as much as possible from cyber attacks.

This software (Endpoint Detection and Response) worked by noticing changes in behaviour patterns and not just previously identified viruses – the reason the attack on the HSE systems in Ireland was so significant is because this was an entirely new virus, which had not been seen before  (a ‘zero day’ virus) and existing AV software failed to recognise it.

EDR uses machine learning and artificial intelligence to track potential threats and acts to remediate and even roll devices back to their pre-attack state—delivering results with both speed and accuracy. This solution can allow for the infected device to be disconnected from the network, minimising the risk of all other systems becoming compromised.

To use a footballing analogy,  if the virus was a football hooligan, the old AV worked on the basis that after the hooligan had caused havoc and incited riots at one particular game, their photo would be circulated to other football clubs with a warning not to let him into the stadium. All very well, but nobody wants to be the club that was trashed.

EDR works by identifying all fans coming to the stadium, and noticing those that don’t look or act like the majority of fans, and isolating them before they get anywhere near the turnstiles.

Since we decide to change the AV that we offered to our customer to EDR we have noticed a massive increase in the level of detection of viruses, stopping them and isolating them before they can wreak havoc on your systems. Prior to the roll out of EDR we would have received notification of at least one virus attacking a system every week, in 2022 that number was reduced to zero.

However, just like in a football game, it is never advisable to stop playing until the final whistle – cyber attackers recognise the value in health care data and are determined to access it, and independent healthcare providers such as community pharmacies are in their sights.

In just less than two years, EDR has been reimagined using all the knowledge that has been accrued into the ways that hackers think and how they target IT systems. This new software  now offers greater protection against threats, malware, ransomware, phishing attacks, etc – though, of course, anti virus on its own will not offer 100% protection from cyber attack.

This new antivirus, Endpoint Protection Detection and Response (EPDR), uses Artificial Intelligence to classify everything that presents to your IT systems as either ‘malware’ or ‘trusted’ – 99% of these decisions are done automatically, with the remaining percentage being manually classified by the EPDR cybersecurity providers.

While we can roll out encryption of your MPS system, and the patient records contained therein, we know that many of our customers will pull data to make up spreadsheets to assist in weekly dispensing, etc, and these contain patient names, addresses and medicines information. If these are on your PC, external to your MPS system, then they are more vulnerable to a cyber attack.

Another benefit of the move to EPDR is that all disks in hardware will be encrypted at rest which protects data – for example if your IT systems were stolen from your pharmacy. However, it is important to remember that you also need  good staff education, and strong passwords  – any type of disk  encryption is only as good as the password on the computer.

The new EPDR will also block access to adult and malicious content websites, which are recognised routes used by cyber security hackers to access systems. This will be rolled out automatically  to all customers over the next few weeks. Should you find that you are unable to access a website customarily used in your pharmacy, then please contact us and we will deal with these anomalies on an individual basis.

To continue that football analogy, EPDR can viruses which don’t act like normal viruses – like those football hooligans who aren’t engaging in the game, or deliberately provoking rival fans or the police, trying to gain entry to the stadium through back doors, etc.

Hopefully this will help explain the steps we take to keep your information as safe as possible and how we are constantly looking at ways to help you fight the threat of cyber attack.

The McLernons Data Protection Team