London Drugs cyber attack: What businesses can learn from its week-long shutdown

The London Drugs cyber attack has been making headlines throughout the country. What makes this breach unique is the impact it has had on operations and customer access. Following the attack, all 79 London Drugs stores shut down for over a week, leaving customers with difficulty accessing prescriptions and other medical needs.

Like all breach stories, this headliner can be used to the advantage of security managers. Use this story as a case study to teach your executives, team members, and yourself lessons on the current state of cyber security. In today’s blog, we will review the story of the London Drugs cyber attack and what businesses can learn from it. 

What happened?

On April 28th, Canadian-owned pharmacy London Drugs shut down all 79 of its stores following a cyber attack. The cause of the attack is still unknown, as the company refuses to release information on the grounds that it could “put them at further risk”. However, company leaders have mentioned social media, international threat actors, and customer logins during their speeches to the press. London Drugs says that it does not believe any customer data was stolen, but that it can never be 100% sure.

The biggest impacts of the breach were felt afterwards, as the stores remained closed for over a week. This left many Canadians nervous about medicine and prescription access. London Drugs created a solution by having pharmacists available to take calls at all locations for emergency prescription fills. 

To secure and restart their systems, London Drugs hired a third-party security company, which they cite as the reason for the long shutdown. The company is still working on putting all systems back online and finding the source of the breach.

Lessons to be learned

There are many lessons to be learned from this breach story. Whether you are a security awareness manager or an employee in another department, here’s what you can take away: 

Build a breach response plan

It is imperative that all businesses have a security breach response plan. More importantly, employees need to know what to do when they see unusual activity and when they are alerted to a cyber attack.

Security teams should create a comprehensive breach plan that includes:

  • What makes a privacy breach? – What are the signs and requirements that constitute something as a privacy breach? Is it as soon as someone clicks on a malicious link? When something is detected on your network?
  • How is a privacy breach reported? – How can an employee report suspicious activity? Accidental link clicks? What are other methods or tools your security team uses to detect suspicious activity on your network?
  • What is the immediate response by the security team? – We recommend following this 5-step action plan after an employee clicks on a link or you discover suspicious activity on your network. 
  • What is the immediate response from employees? – Educate your employees on what their action steps should be following a breach. How will they know when a breach occurs? What are the 3-5 steps they should take after being notified of a breach? How do they stay in contact with your team if all systems go offline?
  • How will customers be communicated to? – Pinpoint who will be in charge of communicating with all customers about the breach. Decide what the communication will look like, how soon after the breach communication will go out (as soon as possible is best), and which information you will share. This is something critics are saying London Drugs could have done better.
  • How will the security team meet following the breach? – If all systems go offline, how, where, and when will the security team meet to continue to work to get systems back online? Deciding this beforehand will save your team a lot of scrambling during an actual breach. 

Create a plan for offline service

On top of your breach plan, your operations team should have a plan for what happens if your systems ever go offline. Their plan should take into consideration:

  • How will this be communicated to customers?
  • What is necessary for our business to function?
  • What do we need access to even if we go offline? How can we make that available when we are offline?
  • What will our internal process look like offline? Who will continue to work?
  • What will our external process look like? How will customers continue to use our product/service?
  • What would this look like for a few days? 1 week? 2 weeks? A month?

This is another crucial step to surviving a breach. London Drugs is likely losing large amounts of revenue due to this week-long closure and could lose even more customers due to a damaged reputation. Taking time to plan out your offline service plan can save your business money and loyal customers. 

Reflect on the personal data you collect and store

The reason many of these breaches are so alarming to customers is that they didn’t realize what data the business stored. As a pharmacy, London Drugs has access to medical records and personal data. Cyber criminals know this and probably targeted London Drugs due to this data.

Businesses need to reflect on the data they collect and store. Is it truly necessary for your business? If it is, how do you store and protect it? Do you clearly communicate to your customers the data you are storing?

Answer these questions and reduce your data storage to only include customer data which is fundamental to running your business. Anything else is just an additional liability you don’t need to be responsible for. 

Educate employees on spotting threats

This story also serves as a huge reminder to businesses to educate their employees on spotting threats. We don’t know the official reason for this breach, but judging by the company’s mentions of social media and logins, we can assume there were human components. 

The more you educate your employees on security awareness, the stronger your first line of defence becomes. Use this story as a case study to prove to your executives that security training should be a priority and deserves more resources and budget. Then, implement engaging, interactive training on topics that are relevant to your business, like social engineering, passwords, and phishing.

If anything, let this story be the sign that your business needs to start taking cyber security seriously. Because of one attack, London Drugs was out of business for over a week and still isn’t working at full capacity. Don’t let this happen to your business. Stay safe by planning ahead, using proper data storage techniques, and educating your employees.