Warnings from Australia’s powerful pharmaceutical lobby about cybersecurity risk speak to broader vulnerabilities in the healthcare sector on the back of growing consumerisation.
Healthcare technology industry leaders need to be careful balancing the increasingly complex demands of their stakeholders with the growing need to ensure the system is secure.
Earlier this month, the Pharmacy Guild of Australia issued a series of steps pharmacist owners should be taking to reduce cybersecurity risk, mostly around passwords, multi-factor authentication, software updates and phishing.
In Australia, the Guild carries a surprising amount of influence for an organisation that represents the humble corner store pharmacy. It punches above its weight in a healthcare industry of big pharma and big hospitals.
The Guild is in a difficult spot. Earlier this year, it was reported that Australian pharmacies had become the latest preferred target for ransomware attacks. At least 10 pharmacies had been targeted in the previous 18 months.
Pharmacies are becoming increasingly digital. Whether it’s handling digital health records or working with third-party consumer-facing data providers, the corner pharmacy is becoming very data-heavy.
Adding to the challenge is the growing influence of pharmaceutical chains such as Chemist Warehouse, which has dramatically increased the front-of-shop retail offering and cut margins on prescriptions. This has increased pressure on the rest of the industry to compete by offering consumers a more seamless experience at a time when cybersecurity professionals are telling them to invest in technology systems.
Finally, in Australia, the replacement of 30-day scripts with 60-day scripts has again hit the margins of your average pharmacy. Larger operators with more data taps plugged into their customer bases are better positioned to absorb the shock.
Most of these issues can be viewed from other parts of the healthcare system. While there has been a shift towards critical industries lately, healthcare consistently rates as one of the most common targets for cybersecurity risk, purely because of the scale and importance of the data it holds.
Further, all other parts of the consumer-facing healthcare supply chain are becoming more and more data-heavy due to the same pressure. While many practices during COVID-19 have subsided, McKinsey estimated telehealth appointments in the US stabilised at 38 times their pre-pandemic levels. That’s an unprecedented digitalisation of healthcare and the idea that other parts of the healthcare industry won’t be subject to the same forces is unrealistic.
The rising cost of healthcare and ageing populations across the developed and developing world are putting pressure on healthcare industries to do more with less. That means turning to data.
Tackling those vulnerabilities becomes a challenge because the pharmaceutical industry globally has traditionally lagged behind other sectors when it comes to digital transformation and security innovation.
While there are pockets of innovation, many stores and chains still operate with legacy technology that was not built for the new digital-first, data-driven world.
Pharmacists have also not had to have the same levels of awareness of cybersecurity protocols as workers in hospitals and other organisations. Significant training is needed to equip them with the tools to help protect patient data.
At the same time though, organisations cannot outsource cybersecurity risk to their staff. At Intelliworx, we have observed in many industries that the ‘everyone is responsible for cyber’ mantra has run its course. We’ve overloaded staff with training, cybersecurity incidents are still happening. Investment is needed as well.
Whether small operators or larger chains, the pharmacy retail industry will have to make considered decisions with its technology spend when it comes to integrating all these third-party systems and the level of complexity that brings to each organisation.
The challenge for the pharmaceutical industry, and the healthcare industry in general, to stave off significant cybersecurity damage in the years to come in Australia and beyond will be significant.
There could be scope for targeted government assistance depending on the jurisdiction as smaller operators will be less well positioned to make the necessary investments.
But healthcare technology leaders cannot escape the investable. Increasing consumer demands and cost pressures are thrusting more data into their systems and only a sober approach to lowering risk will meaningfully protect their organisations and their users.
Shane Maher is Managing Director of Intelliworx, a provider of managed services and cloud solutions. Intelliworx brings cloud, security and Microsoft expertise to mid-market businesses around the globe.