Overview of the Cyber Essentials Guide

The IPU Cyber Essentials Guide has been specifically tailored to meet the needs of Irish community pharmacies. It draws on both the UK Cyber Essentials framework and the guidelines provided by the Irish National Cyber Security Centre (NCSC). The guide offers a structured approach for safeguarding sensitive patient data, protecting pharmacy systems, and ensuring service continuity amidst increasing cyber threats.

The guide covers several key areas:

• Firewalls and Internet Gateways: The first line of defence, essential for controlling unauthorised access to your systems;
• Secure configuration: Ensuring that all devices are securely set up from the outset;
• Security update management: Regularly applying patches and updates to close vulnerabilities;
• User access control: Restricting system access to authorised personnel only and managing administrative privileges carefully;
• Malware protection: Installing and maintaining anti-malware software, as well as employing application allow-listing to prevent unauthorised programs from running;
• Data backup and recovery: Implementing a strong backup strategy to ensure data can be restored in case of a system failure or cyberattack; and
• Disposal of IT equipment: Ensuring that data is securely erased before decommissioning IT equipment.

In a separate article in this month’s IPU Review, the Cyber Hygiene Checklist provides further guidance by outlining essential daily practices that all pharmacy staff should follow. These are practical and straightforward steps that can be implemented consistently to maintain strong cybersecurity hygiene. When used in conjunction with the Cyber Essentials Guide, pharmacies can build a strong foundation of security, minimising risks without overcomplicating operations.

For those pharmacies that fall under the scope of NIS2, another article will address the specific requirements of the directive. NIS2 imposes additional obligations for organisations that handle critical data, ensuring that more advanced cybersecurity measures are implemented to protect against sophisticated threats.

IT services

There is an industry of solution providers for cybersecurity, offering a range of services that can be tailored to your pharmacy’s specific needs. When searching for IT services, consider reaching out to companies that specialise in cybersecurity solutions. It is essential to find a provider that understands the unique demands of healthcare and can offer services that align with your pharmacy’s requirements.

Key factors to consider when selecting an IT services provider include:

• Location: Choose a provider that can offer timely support, particularly if on-site assistance is required;
• Availability: Ensure the company provides 24/7 support, as downtime during a cyber incident can severely impact your operations; and
• Cost: While budget constraints are always important, remember that investing in robust cybersecurity measures can save your business from far greater financial losses in the event of a data breach.

By working with an experienced IT service provider, your pharmacy can benefit from tailored solutions that help strengthen your cybersecurity posture and ensure compliance with both the Cyber Essentials Guide and, if applicable, NIS2 requirements.

“Securing configurations, managing access control, and keeping software updated are crucial measures that, when implemented together, provide a strongdefence against emerging threats.  

Taking action

The best course of action for every pharmacy is to begin with these foundational cybersecurity practices and build upon them. By following the steps outlined in the Cyber Essentials Guide, pharmacies can greatly reduce their exposure to cyberattacks. Securing configurations, managing access control, and keeping software updated are crucial measures that, when implemented together, provide a strong defence against emerging threats.

For full details and further guidance, please visit the complete guide at ipu.ie/cybersecurity.

This Cybersecurity Awareness Month, take proactive steps to protect your pharmacy and its sensitive data. By starting with these essential measures, you will significantly enhance your cybersecurity posture and protect against the evolving landscape of cyber threats.