Prepare for the Next Cyberattack

You’ll see more focus on preventing and responding to healthcare system the aftermath of recent major outages.

And it’s a matter of when...not attack will happen again.

Follow your state laws, pharmacy policies, and common sense to best serve your patients during an outage...and guard against future threats.

Prevent. Be aware that over 90% of all cyberattacks start with a phishing email...which often looks like it’s from a company or person you know, such as a wholesaler or leader in your organization (CEO, etc).

Expect to get more “test” phishing emails from employers. Report signs of phishing (misspellings, poor grammar, etc) ASAP.

Minimize other vulnerabilities. Use strong, unique passwords at least 12 characters long...and ensure security software is current.

Be familiar with your pharmacy’s downtime plan...or help devise one, if needed. Make sure all staff members know where these plans are they can access them ASAP when systems go offline.

Respond. Keep the lines of communication open during an outage.

But choose your words carefully when talking with limit panic. Saying something like “Insurance systems nationwide aren’t working” is less alarming than saying “There’s a cyberattack” or “The computer system has been hacked.”

Empathize...and offer options. For example, let patients know how to get reimbursed for an Rx if they pay out of pocket...ask the pharmacist if they can give a few doses...or offer to call when systems are back up.

Document as necessary...such as by noting “payer-recognized emergency” for Rxs dispensed in good faith to provide continuity of care. This can help your pharmacy recoup payment and limit audit issues.

Remember that MANY safeguards may be unavailable...on top of unfamiliar workflows. Read handwritten Rxs more carefully...and ensure med lists are current if payer DUR alerts (interactions, etc) are down.

Recover. Stay alert for payer guidance on troubleshooting claims.

If there’s a reject, try submission code “13” an override due to a disaster or emergency. Note this on the case of an audit.

Also watch for mix-ups during the recovery phase...such as if both electronic and paper versions of the same Rx were issued. Work with your pharmacist to resolve issues...especially with controlled substance Rxs.

Dig into our resource, Dealing With Disasters, for more tips.

Key References

  • Office of Information Security: Securing One HHS. Ransomware & Healthcare. January 18, 2024. (Accessed March 5, 2024)
  • Pinkham DW, Sala IM, Soisson ET, et al. Are you ready for a cyberattack? J Appl Clin Med Phys. 2021 Oct;22(10): 4-7. (Accessed March 5, 2024).
  • Cartwright AJ. The elephant in the room: cybersecurity in healthcare. J Clin Monit Comput. 2023 Oct;37(5):1123-1132.
Pharmacy Technician's Letter. April 2024, No. 400406

Practical advice for a better career, with unlimited access to CE

Pharmacy Technician's Letter includes:

  • 12 issues every year, with brief articles about new meds and hot topics
  • 120+ CE courses, including the popular CE-in-the-Letter
  • Helpful, in-depth Technician Tutorials
  • Access to the entire archive

Already a subscriber? Log in

Volume pricing available. Get a quote