The general perception of cybercrime has been that it is principally the scourge of the banking and IT sectors. However, of late the medical and aesthetic cosmetic sectors have also been targeted as fair game for cyber-criminals.
The hacking of a high profile London cosmetic surgery clinic last month was a chilling warning that, in an age of daily data breaches, nobody is immune from a cyber-attack. In fact, being in possession of sensitive medical data puts cosmetic surgery clinics in a highly vulnerable position. The London clinic, whose clients include celebrities and reportedly even royals, took measures to block the attack immediately and apologised to its patients for the distress caused. However, unlike other forms of theft where stolen goods might be fully recovered, it is clearly impossible to completely reverse the damage inflicted by a hack of this nature. The hackers are reported to have stolen photos featuring graphic close ups of surgery on male and female genitalia, patients’ bodies post-operation and some photos reputedly include patients’ faces.
This recent hack should serve as a reminder to all in the aesthetic sector of the vulnerability of the data cosmetic practitioners are entrusted with; and the responsibility they have to ensure that they take the necessary steps to mitigate the chances of a breach to their network.
What can you do to protect your clinic and customers from this type of cybercrime?
You can reduce the risk of falling victim to cybercrime by taking some common-sense steps:
- Regularly change passwords
- Back up data regularly
- Run antivirus and antimalware software
- Keep software ‘patched’ ie up-to-date
- Set security levels for data access
- Monitor logins
- Secure emails
- Limit access to and from the internet
- Don’t forget to secure all IT devices, such as tablets and iPhones
- Guard against phishing attacks for personal or financial data
- When staff leave be sure to follow a cyber security checklist – delete the leaver’s login and change passwords
More advice is available about securing a business network / data from the government’s National Cyber Security Centre – the NCSC provides guidance about backing up data, dealing with malware and securing email
Cyber criminals pose a particularly menacing threat as they are constantly developing new ways to extract sensitive information. It is important to keep up to date with their latest methods as much as possible and then take action accordingly.
It can be very difficult to stay ahead of the cyber-criminals; for example in May this year the global Wannacry cyber-attack on businesses, government and most prominently our NHS network, brought to light a threat knowns as ‘Ransomware’ that can cripple a business for days.
Ransomware enables hackers to drop malware into an unprotected network, locking technology until a ransom is paid online. Meanwhile, spyware can seek out and transmit critical data to someone outside of the network.
What should I do if it happens to me?
Should the worst happen and, despite taking all possible precautions, you discover that you or your clinic has been a victim of a cyber-attack, the speed of response, effectiveness of communication and remedial action taken following the event will make the difference between maintaining customer confidence or not.
It is therefore important to have a clear breach response plan in place. In fact, under the new General Data Protection Regulations (GDPR), due to come into force in May 2018, this is something that every clinic should have.
As a cosmetic practitioner you should not underestimate the interest online criminals might have in your business or the chaos a cyber incident could cause. Cyber liability insurance will offer protection in the event of any loss, illegal threat or interruption as a result of a cyber-attack. Comprehensive insurance cover will also offer practical support in the event of a data breach, from legal advice to notifying customers or regulators. For more information contact Hamilton Fraser’s Cosmetic Insurance on 0800 63 43 881.