How 'Procedures to call insurance companies and verify coverage' prevents store shutdown? In my worldview insurance is 'sometimes we pay if ensured event occurs'. Lack or presence of the insurance changes nothing about the attack.
They're a pharmacy, they get directly reimbursed by customer's drug insurance plans and only charge customers for the uninsured amount. They need to submit prescriptions to insurance, and find out how much insurance is covering, before filling prescriptions.
You are mistakening medical insurance with computer/cyber insurance.
The post above you is talking about having manual communication with the provincial and federal medical insurance (Canada has national insurance) to confirm customers have the appropriate insurance ready so they can dispense pills, medication, and medical equipment, which is life critical equipment and supplies for many of their customers, without access to computers (which is doable if they had the procedures ready)
It’s to do with business continuity of the pharmacy’s work, nothing to do with breach.
Health insurance (not life, auto, home, commercial) often requires pre-authorization. At least in the USA. Some health plans like “hmos” are very stingy with many rules that prevent payment. It’s a fucking mess.
It might be different for Canada though, so this continuity step could be omitted.
In Canada you can buy your prescribed meds and then file an insurance form. I did that myself more than once when 'computers were down' but cash registers were not.
