Realistically, the answer is yes—but smart pharmacy owners will have a plan in place to minimize the damage. Much of that relies on due diligence measures—the kinds that regulators pay attention to when determining wrongdoing after ransomware attacks.
In a recent enforcement action, the Department of Health and Human Services Office for Civil Rights fined a private practice $250,000 for failing to conduct a thorough risk analysis to determine potential risks and vulnerabilities to protected health information it stores electronically. At a minimum, use OCR’s free risk assessment tool to uncover vulnerabilities in your pharmacy’s IT systems so you can mitigate them.
NCPA
