Dreaded Reality of Ransomware in Pharmacies Part 2 [Podcast]

As we covered in the first episode of this podcast series, ransomware is a malicious attack that restricts access to valuable data and entire computer systems until ransom money has been paid to unlock the system.  

Knowing what ransomware is and which precautions to take to prevent it is a great start, but what should you do if your pharmacy falls victim to one of these attacks? Unfortunately, cyberattacks of this variety can open up a whole can of worms for pharmacies because of the sensitive data that may be compromised during the attack.

Patients’ personal health information (PHI) is typically what is held hostage, so these attacks count as a HIPAA breach. There’s no real way to know who has access to your data or whether it has been downloaded or sold.  

So, what should you do if your pharmacy is the victim of a ransomware attack? Consider these steps: 

  • Shut down everything and disconnect your computers from the internet. 
  • Notify your local law enforcement, the local FBI field office, and your cybersecurity insurance contact. 
  • Begin breach protocol as laid out in your HIPAA compliance program. You have 60 days to gather the data and make the initial report to the U.S. Department of Health and Human Services (HHS) or the Office for Civil Rights (OCR). 
  • Prepare to notify all affected patients in writing with a description of the breach and any measures they must take on their end. 
  • Begin creating processes to enact within your business to ensure something like this does not happen again in the future, including improved cybersecurity and staff training. 

In the event of a ransomware attack or other cyberattack on your pharmacy, transparency and timing are paramount. If you wait too long to report the attack or if you attempt to hide or obscure the attack in any way, the fallout will be much worse.  

Not only will lying or failing to act put your patients at a greater risk, but it will also result in a large fine for your pharmacy. These fines can be in excess of $1.5 million.  

Ransomware attacks are nasty, unfortunate situations that are all too common for healthcare organizations these days. Don’t wait to become a victim of one of these vicious attacks.  

Instead, follow the advice laid out in the first episode of this podcast to protect your pharmacy against attack. Additionally, listen to the entire second episode here (or read the full transcript below) to know what to do if your pharmacy ever becomes a victim of a ransomware attack.   


Jeff Hedges

R. Jeffrey Hedges, CDME, is President & CEO of R. J. Hedges & Associates of New Florence, PA.
