Skip to content
Managing Your Pharmacy in the Digital Age – Tips for Securing Data
Introduction
Last year more than 300 million patient records were compromised as the direct result of data breaches. In fact, 2024 set a new record, with 26% more healthcare-affiliated entities reporting breaches than during 2023. This included the catastrophic cyberattack on United Healthcare subsidiary Change Healthcare, which affected more than 190 million people, and resulted in a $22 million ransomware payment.
As helpful as technology has certainly been in transforming the nation’s healthcare system, making it easier for patients to access treatment and for providers to manage critical records, the convenience is not risk-free. Namely, notes one leading medical journal, the healthcare industry has become “the main victim of external and internal attacks,” vulnerable to security lapses ranging from hacking/IT incidents to unauthorized internal disclosures to disaster-induced system outages.
Overall, estimates of prescription abandonment range from 9% -11%. One survey though, conducted by GoodRx, found that 33% of Americans had a prescription sent to a pharmacy that was not filled. The GoodRx researchers extrapolated that finding to determine that “52 million Americans leave their prescriptions at the pharmacy every month.”
When asked why patients failed to fill their prescriptions, GoodRx found cost topped the list. Findings include:
- Medication was too expensive — 29%.
- Forgot to pick it up — 17%.
- Unable to get to the pharmacy — 17%.
- Medication was out of stock — 16%.
The story of prescription abandonment is one pharmacists know well. And too often, it’s a story without a happy ending: The affected patient goes without needed medication and the pharmacy misses out on a dispensing opportunity.
Impacts of Pharmacy Security Breach
For the nation’s independent pharmacies, the fallout from a security breach or service disruption can be existential. A few sobering statistics include:
- During 2023, nearly 43% of all cyberattacks were directed at small businesses.
- The average cost of a cyberattack can range from $120,000 to $1.24 million per incident.
- Cybersecurity threats were the top concern of businesses surveyed in the 2024 U.S. Chamber of Commerce Small Business Index, ahead of other serious risks including supply chain disruptions (58%), “another pandemic” (54%), and inclement weather (45%).
- 40% of small businesses never reopen in the aftermath of a disaster.
- An additional 25% close one year later.
Medication Affordability
Clearly, the stakes are high. But there are things a pharmacy can do to protect its business systems, including critical patient records. A few “must do” steps include:
Use only supported Windows releases and related software. If your pharmacy is operating on anything older than Windows 11 or Windows Server 2022, there’s a good chance your running unsupported software that has not received a security update, or will soon stop receiving critical updates.
Implement multifactor authentication practices (MFA). Multifactor authorization, also referred to as two-step verification, refers to the extra steps required to sign into an account. This could include a security question that must be answered, or a unique numeric code sent to a device linked to the operating system.
Analysis by the U.S. House Energy & Commerce Committee determined that the Change Health cyberattack “occurred because UnitedHealth wasn’t using multifactor authentication (MCA), which is an industry standard practice, to secure one of their most critical systems.”
According to Microsoft, compromised passwords are among the most common techniques used “by bad guys” to infiltrate a business’s data, but MFA is “one of the easiest ways to make it a lot harder for them.”
Conduct regular system backups. Another FCC recommendation is to regularly backup data stored on all computers. Backups should be scheduled to run automatically, at least weekly, with all copies stored either off-site or in the cloud.
Consider a cloud-based solution. With a traditional hard drive-based system, data is stored on-premises, and generally protected using solutions including firewalls, internal backups, and anti-virus software. While these may be suitable for normal business operations, traditional approaches are less effective during extreme conditions in which flooding or fire may cause physical hardware to be destroyed. Such a loss would be devastating for a typical pharmacy.
Leverage commercial anti-malware software and keep your subscription current. BitDefender, Norton, McAfee and Microsoft’s Defender suite are all great options for ensuring the integrity of your system. Make sure settings are set to run automatic scans on at least a weekly basis, with real-time protections enabled. And of course, make sure you remain current with coverage subscriptions.
Implement payment card best practices. The Federal Communications Commission (FCC)) advises businesses to “work with banks or processors to ensure the most trusted and validated tools and anti-fraud services are being used.” This includes assurances that a payment processor is adherent with Payment Card Industry Data Security Standard (PCI DSS) requirements, and has all necessary protocols in place.
Secure your Wi-Fi network. The FCC also advises businesses to take steps to ensure Wi-Fi networks are “secure, encrypted, and hidden.” This includes ensuring the name of a business’s Wi-Fi network is not visible, and that access to the router is password protected.
Limit employee access to critical data. Not every member of a pharmacy’s staff needs the same access to patient records and sensitive business data. A pharmacy should set up individual passwords for each staff member, with commensurate access levels set based on each individual’s role within the pharmacy.
PrimeRx CLOUD is a cloud-based solution that can be accessed via any internet-connected device. This means a pharmacy manager can have continual access to data and pharmacy records, even during times of crisis, when it is not possible to physically travel to the pharmacy. This allows a pharmacy to continue to operate and serve patients from remote locations, with peace of mind that all systems will continue to function.
PrimeRx CLOUD allows pharmacies to store data off-site, in an encrypted form that is accessible only to authorized users. In addition, the solution ensures data security by allowing pharmacies to designate access based on each individual’s role in the pharmacy. This allows a pharmacy manager to limit access to patient information and pharmacy records based on each employee’s “need to know.”
In addition to the innovative PrimeRx CLOUD system, PrimeRx offers comprehensive Remote Backup Solution (RBS) that seamlessly backs up all data on a daily basis, with all data secured in a cloud storage facility.
Key PrimeRx CLOUD Features
Cloud-Based Storage
RBS uses the Amazon Elastic Compute Cloud (Amazon EC2) for off-site data storage.
Customized Backup Schedule
RBS can be configured to meet your pharmacy’s precise needs with options for backups to occur during non-business hours, when your pharmacy is closed.
Seamless Transition to Backup Data
Should a service disruption occur, the backup service will immediately kick in, with no disruption to pharmacy operations.
Flexible and Scalable
Pharmacies can determine their precise backup storage needs and only pay for that amount.
MMS Firewall for Additional Security
A PrimeRx firewall provides an extra layer of security in protecting data from unauthorized intrusions.
As this discussion has made clear, cybersecurity and data breaches pose existential threats to today’s small business pharmacies. Criminals are increasingly sophisticated both in the methods used to infiltrate business networks, and in the schemes launched to exploit stolen data.
Businesses can fight back though. A good first step is to understand the enormity of the problem, and the need to prioritize data security. PrimeRx is ready to help though, with options to seamless protect pharmacy data, and take the worry off pharmacists’ busy shoulders.
