Today’s consumers care very much about convenience, but also expect dependability when it comes to the services they choose. To keep pace with consumer’s needs, grocers have evolved their offerings, providing one-stop shopping that includes in-store pharmacies that benefit both the consumer and the store itself by drawing additional traffic.
Growth within in-store pharmacies has changed the way consumers shop, what is purchased, and the amount of sensitive data that is exchanged in the process. From card data to personally identifiable data (PII) to protected health information (PHI), let’s dive into how these changes within grocery store pharmacies bring opportunity, challenges and solutions grocers need to continue growth while protecting sensitive data.
- Evolution of Pharmacies in Grocery Stores
- Growth of In-Store Pharmacies Creates Opportunity for Fraud
- Protecting PII and PHI Data at the Pharmacy
Evolution of Pharmacies in Grocery Stores
Pharmacy and grocery have expanded to a food-as-medicine approach, connecting grocery offerings to nutrition, wellness programs and medication. This synergy between medications and healthy foods has allowed stores to cross-promote products, like pairing heart-healthy foods with blood pressure medication, creating a more holistic shopping experience. As people increasingly focus on managing their health, having a pharmacy helps grocery stores meet a broader range of consumer needs, making them more competitive.
A 2023 McKinsey report suggested that creating “a differentiated experience for the consumer or offering a differentiated set of products and services” is the key to long-term success in pharmacy. It also found that consumers were eager to get more from their pharmacy staff. Nearly half of the over 1,000 consumers surveyed said they welcome the expanding role of retail pharmacies.
Customer convenience, one-stop shopping, and the marriage of grocery and healthcare allows consumers to meet multiple needs in one location, creating an optimal experience for shoppers and the opportunity for grocery stores to create stickiness with loyalty programs and rewards.
Grocery Dive recently explained how pairing grocery with health provides a competitive advantage.
“Supermarket pharmacies are set to benefit from the growing connection between food and medicine. The Food Marketing Institute found that pharmacy sales account for around 3% of grocery store sales, or about 6% to 9% of store revenues for chains with a heavier pharmacy presence. Grocers will look to increase those percentages, but clearly the true value of pharmacy lies in its ability to establish retailers as health destinations.”
Growth of In-Store Pharmacies Creates Opportunity for Fraud
Like any retailer accepting card payments, grocery stores collect valuable customer data with every transaction. Keeping this data safe can be a challenge, but for pharmacies, the burden is more immense.
Like any healthcare organization, pharmacies collect PII and PHI data from customers. This information – a customer’s name, address, email address, phone number, date of birth, social security number, prescriptions, prescription labels, patient profiles, patient-counseling records, claims and insurance information, and health diagnoses – has proven to be highly valuable to cyberthieves.
The healthcare (pharmacy) sector has long been a favorite and lucrative target for hackers, who can sell off the data piece by piece on the dark web. Unlike credit card data, medical records have a long lifespan and cannot be easily altered. Stolen medical records take longer to identify malicious activity, allowing cybercriminals to misuse them for longer periods of time – which is why healthcare has the highest average cost for a breach 13 years running– according to IBM.
IBM’s 2024 Cost of a Data Breach report revealed that healthcare once again topped the list for costliest breach by industry, reaching USD 9.77 million per breach in 2024, doubling the global average cost of $4.88 million per breach.
Protecting PII and PHI Data at the Pharmacy
Pharmacies can reduce the risk of cyberattacks and ransomware by implementing industry-standard data security practices and complying with applicable federal and state laws. CISA has published recent guidance which includes best practices to protect sensitive data, recommending encryption for data protection.
Bluefin specializes in medical payment and data security solutions to protect healthcare organizations, including pharmacies. Our flagship products include our PCI-validated point-to-point encryption (P2PE) solution for the protection of point-of-sale cardholder data and our ShieldConex® data security platform for the protection of consumer, medical and payment data entered online. Combined, P2PE and ShieldConex provide the most secure and holistic solution for healthcare data.
Weather at the grocery checkout, online, or at the pharmacy counter, Bluefin protects PII, PHI and payment data, ensuring your customer’s data is secure and your brand is protected.