There is no escaping making investments in cybersecurity technology
Warnings from Australia’s powerful pharmaceutical lobby about cyber security risks speak to wider vulnerabilities in the healthcare sector due to growing consumerisation.
Leaders in the healthcare technology sector must be careful to balance the increasingly complex demands of their stakeholders with the growing need to ensure the system is secure.
Earlier this month, the Pharmacy Guild of Australia issued a series of steps for pharmacy owners to take to reduce cyber security risk, especially around passwords, multi-factor authentication, software updates and phishing.
In Australia, the Guild has a surprising amount of influence for an organization that represents the humble pharmacy on the corner. It punches above its weight in a healthcare industry with big pharmaceutical companies and big hospitals.
The Guild is in a difficult situation. Earlier this year it was reported that Australian pharmacies had become the latest favorite targets for ransomware attacks. At least ten pharmacies have been targeted in the past 18 months.
Pharmacies are becoming increasingly digital. Whether processing digital medical records or working with third-party consumer-facing data providers, the corner pharmacy is becoming very data-heavy.
Adding to the challenge is the growing influence of pharmaceutical chains such as Chemist Warehouse, which has dramatically increased front-of-store retail offerings and reduced margins on prescriptions. This has increased pressure on the rest of the industry to compete by providing consumers with a more seamless experience at a time when cybersecurity professionals are telling them they need to invest in technology systems.
Finally, the replacement of 30-day scripts with 60-day scripts in Australia has once again hit the average pharmacy’s margins. Larger operators with more data taps on their customer base are better positioned to absorb the shock.
Most of these issues can be viewed from other parts of the healthcare system. Although there has been a shift towards critical sectors in recent times, healthcare is consistently rated as one of the most common targets for cyber security risks, purely due to the volume and importance of the data stored within it.
Furthermore, all other parts of the consumer-facing healthcare supply chain are becoming increasingly data-intensive under the same pressure. While many practices have declined during COVID-19, McKinsey estimates that the number of telehealth appointments in the U.S. has stabilized at 38 times pre-pandemic levels. That is an unprecedented digitalization of healthcare and the idea that other parts of the healthcare sector will not be exposed to the same forces is unrealistic.
Rising healthcare costs and aging populations in developed and developing countries are putting pressure on the healthcare sector to do more with less. That means we have to focus on data.
Addressing these vulnerabilities will be a challenge as the global pharmaceutical industry has traditionally lagged behind other sectors when it comes to digital transformation and security innovation.
While there is innovation, many stores and chains are still working with outdated technology that is not built for the new digital-first, data-driven world.
Pharmacists also did not need to have the same level of awareness of cybersecurity protocols as employees in hospitals and other organizations. Significant training is needed to equip them with the tools to help protect patient data.
At the same time, organizations cannot outsource cybersecurity risks to their workforce. At Intelliworx, we have found that the “everyone is responsible for cyber” mantra has reached its end in many industries. We have overloaded staff with training and cyber security incidents are still happening. Investments are also needed.
Whether small operators or larger chains, pharmacy retailers will need to make informed decisions regarding technology spend when it comes to integrating all these third-party systems and the level of complexity each organization brings.
The challenge for the pharmaceutical industry, and healthcare in general, to prevent significant cyber security damage in Australia and beyond in the coming years will be significant.
Depending on the jurisdiction, there could be scope for targeted government support as smaller operators will be less well positioned to make the necessary investments.
But healthcare technology leaders can’t escape the investable. Increasing consumer demands and increasing cost pressures are driving more and more data into their systems, and only a common-sense approach to reducing risk can meaningfully protect their organizations and their users.
Shane Maher is Managing Director of Intelliworx, a provider of managed services and cloud solutions. Intelliworx brings cloud, security and Microsoft expertise to mid-market companies around the world.