Target. Facebook. Gmail.
Those are only a few of the industry giants that have fallen victim to a cyberattack recently.
While news headlines often focus on huge corporations, small businesses, like your independent community pharmacy, are more vulnerable. In fact, 71 percent of cyberattacks occur at businesses with fewer than 100 employees.
A hacked system can cost you big time in legal liabilities, opportunity costs, theft costs and damage to your pharmacy’s image.
But how you handle the incident can make the difference between minimal or permanent damage.
Here are some tips to help your pharmacy recover from after a cyberattack.
Find the root cause
A hacked system is a poisoned system.
If a poisonous snake bites you, you find a poison control expert to remove the poison and prevent it from spreading.
Similarly, the first thing to do after you’ve been hacked is to find the source of the data breach and fix it.
And, just like you wouldn’t handle poison on your own, you shouldn’t handle a data breach on your own.
Instead, hire an independent third party of forensic IT experts. They have the tools and expertise to quickly determine the root cause of an event and to repair it and prevent it in the future.
Even if you have an IT employee on staff, you should still bring in an independent party to perform the analysis. After all, the data breach happened on your current IT provider’s watch.
Get legal counsel
Don’t risk legal ramifications or costly liability for your data breach.
States have varying laws on breached information. Reach out to a legal representative to guide you through your response to ensure it meets all legal requirements.
The process may include:
- Internal investigation
- Contacting law enforcement
- Complying with mediation and notification requirements
- Planning a public relations strategy
Contact your insurance company
Your pharmacy’s insurance might cover liability for a data breach.
If so, the insurance company will often guide you through the process and hire several third parties, like system engineers, for you.
Because your insurance company has to pay for the consequences, you can trust it will be thorough in mitigating the threat and providing ways to prevent another.
Contact your agent to find out exactly what your insurance covers and what the company can do for you. The sooner you contact your agent after a breach, the better.
Change your information
After your system has been recovered and the threat removed, you need to start making calls and changing online account information.
Don’t make changes before the threat is gone. Hackers often leave viruses in the system that continue to track everything, which means they’ll immediately have access to your new passwords and information.
After it’s safe, take these steps:
- Change all your passwords
- Notify the credit bureaus so they can place a fraud alert on your file
- Tell your banks and credit card companies to lock your accounts. Notifying them immediately will release you from the liability for these charges in most cases.
Notify affected parties
If other people have been affected by the breach, inform them as soon as possible.
Speak to your lawyer beforehand to know what’s required to share and what’s wisest to share. This is a sensitive issue and the parties involved can become emotional and resort to legal action.
Take these three steps when notifying the affected parties:
1. Apologize. Be genuine and honest, and explain clearly what has occurred
2. Create a single key message. Emphasize your pharmacy’s willingness to make things right. Include information relevant to the people you’re speaking to. How will it affect them? What should they do? Foresee what questions they’ll have and answer them in your message to put them at ease
3. Explain how you’re going to prevent future incidents.
Before anything, be prepared for difficult questions. Rehearse them so you can answer confidently and reassure the concerned parties.
Some ways to convey the message include:
- Face-to-face
- Letter
- Phone call
- Meeting
- Press release (if you’re a large pharmacy with multiple stores)
Document everything
Record every action you take.
Documentation helps with insurance, legal concerns, reporting and practical prevention against a similar incident.
It also provides a record you can return to should another incident occur in the future.
Follow these tips and minimize the cost of a cyberattack to your pharmacy.
Want more pharmacy business tips and advice? Sign up for our e-newsletter.
