Cyberattacks on dental offices are rising sharply, and the consequences can be devastating. With the latest threats from Russia, dental practices need to take steps now to protect their business and patient health information. Unfortunately, there is no silver bullet when it comes to preventing a cyberattack. Keeping your practice and patient information safe requires layers of protection and ongoing vigilance.
We talked to Steve White of DDS Rescue to learn about common cybersecurity errors dental practices make and what steps they can take to protect themselves from ransomware and cyberattacks. White wants dental practices to know, “Cyberattacks are preventable without a lot of effort, dollars or time.”
The steps dental practices should take to protect their business from cyberattack include:
- Email: Purchase business-class email for the practice that includes encryption and filters
- Firewall: Keep an up-to-date annual subscription to a business-class security firewall
- Software: Keep your office software updated to incorporate and deploy the latest security measures. Also, use the most recent version of your practice management software
- Antivirus Software: Purchase business-class antivirus software and keep it up-to-date
- Training: Require proper annual cybersecurity training for employees
- Risk Assessment: Hire a third party to do a risk assessment every year
While the steps above are important in protecting your practice from cyberattacks, there are also some misconceptions that may be preventing your practice from making the time and investment needed to secure your business. Here are some misconceptions White shared with us.
Misconception: “I’m just a small business. No one’s going to pick on me.”
Truth: According to White, healthcare, including the dental industry, is the No. 1 industry hit by cyberattacks. Dental practices are particularly vulnerable to cyberattacks. Once attacked, dental practices are usually unwilling to talk about it, so attacks are grossly underreported. Of the breaches of protected patient health information at dental offices reported to HHS, 92% were ransomware attacks.
Cybercrime is a major industry with profits in the billions. The business model of cybercriminals is to send a blast of millions of emails and text messages, hoping that a small percentage of recipients will click a link and their efforts will pay off. These attacks can happen to anyone, especially smaller businesses that don’t have proper protection measures in place.
Misconception: It’s too expensive to get cybersecurity risk assessments and software.
Truth: On average, a dental office hit by a cyberattack must close for 5-10 business days. If you add up the costs of having your practice closed to business, paying multiple layers of bitcoin ransom, paying HIPAA privacy reporting fees and fines, and add to that the damage to a practice’s reputation, the cost of proper cybersecurity is a manageable and crucial investment. Steve White reports that DDS Rescue knows of no office that went through a data breach and did not have an expense of at least $100K, and some dental practices have been forced to close permanently.
Misconception: My usual IT person can handle my cybersecurity needs.
Truth: Security rules in HIPAA state that dental practices need a proper security risk assessment every year. This means hiring a knowledgeable, enterprise-level cybersecurity provider. It takes an expert not just in IT, but in cybersecurity, to create a proper risk assessment and management plan. In addition, the only way a practice can withstand a ransomware attack is to have a current back-up disaster recovery system that has been properly set up. A proper back-up system means that you can still access your patient information, even if your network is blocked by ransomware. If you don’t have this proper back-up system, you will have to pay the ransom to release your patient records before you can work again.
Misconception: My employees are smart and will not be the victim of a phishing email.
Truth: Cybercriminals are clever and are constantly coming up with new ways to trick people into clicking links and downloading malware. These emails are written to motivate the recipient to act and are disguised as coming from legitimate sources. Often, they are disguised as coming from an employee’s financial institution. White has even seen a phishing email containing malware that came by way of a trusted patient’s email address.
Misconception: It’s too hard to get started.
Truth: Patterson Dental offers a free, no-obligation risk assessment for new customers. Contact a Patterson representative today to schedule your risk assessment at 1-866-590-3384.