Understanding cyber attacks: how to protect your optometry practice

The scenario

“As an optometry practice owner, I’m vaguely aware of the dangers of cyber attacks – but I’m not sure what the term really means, or where to start in protecting the business. Can you help?”

Rami, AOP member

The advice

Emily Tyler, commercial development manager at AOP insurance affinity partner, Lloyd & Whyte

What does the term cyber attack mean? A cyber attack is when a hacker gains entry to a computer network with the intention to destroy, decrypt or steal data from that system.

When cyber attacks occur, the hacker will aim to ransom data, cause damage or maliciously delete files and records. The impact of a cyber attack can be devastating – disruption to patient care, significant financial losses, and reputational damage that can take years to repair.

Cybercrime is on the rise. There were an estimated 7.78 million cyber-attacks on UK businesses in 2024. In 2022, cyber crime cost the UK healthcare sector £5.2 million.

Phishing is the most common method used by cybercriminals to attack businesses, especially those in healthcare. Phishing emails may claim to be from a bank, request account details, or offer a coupon for free items. Phishing websites may mimic legitimate login pages. Phishing phone calls, also known as vishing, may involve a scammer posing as a bank representative and requesting account details. Phishing and scam emails can be very harmful if you fall for them. They can compromise patients’ personal or financial information, damage your device, or expose you to further attacks.

Whether it’s phishing emails, ransomware attacks, or data breaches, the healthcare sector, including optometry practices, are prime targets. Why? Because patient data is highly sensitive and valuable.

Why are healthcare systems particularly vulnerable?

• Confidential patient data
• Urgency to pay ransom and recover the system
• Reliant on technology and reputation
• Use of third-party software providers.

Cyber criminals often target the weakest link within a supply chain. One infected device puts your entire system at risk.

What cyber insurance offers

Cyber insurance is no longer a luxury–it’s a necessity. When an attack can’t be prevented, cyber insurance could give you access to an incident response team, including specialist PR agencies, IT forensics and legal experts, patient communication support (including GDPR compliant notification), and a crisis communication plan.

It also provides indemnity for the various costs incurred. Cyber insurance provides tools and support to deal with a cyber incident, including 24/7 incident response, which means practices are always ready should the worst happen.

Whether it’s phishing emails, ransomware attacks, or data breaches, the healthcare sector, including optometry practices, are prime targets

Investing in cyber insurance isn’t just about safeguarding your optometry practice — it’s about protecting the people who depend on you. Cyber insurance is there to help your business to recover following a cyber incident. From cyber forensics and IT support to covering data breaches, having cyber insurance has got you covered 24/7.

As an AOP member, you can benefit from expert financial advice, tailored insurance policies, and professional support provided by Lloyd & Whyte. Recognised as one of the few organisations in the UK to hold both Chartered Insurance Broker and Chartered Financial Planner status, Lloyd & Whyte demonstrates a strong commitment to professionalism, expertise, and exceptional service.

With over 20 years of experience supporting healthcare practices, they offer comprehensive assistance, including help with claims and updates to your insurance cover.