From phishing scams that launch ransomware attacks to fraudulent emails that redirect financial funds, keeping your dental practice—and your reputation—secure from today’s threats can be overwhelming.
Recent data shows that 82% of healthcare organizations believe that digital security is a top concern. But simply deploying antivirus software and a firewall is not going to deliver the advanced defence you need to fight today’s cyber crime tactics. In fact, more than 50% of the healthcare industry scores lower than a C grade in security.
The reality is that the right combination of tools and best practices will help you put a strong and resilient security defence into place.
Identify, protect, detect, respond, recover
To help you start building a safer dental practice, let’s look at the National Institute of Standards and Technology (NIST) and its cyber security framework.
The NIST framework document outlines industry standards and best practices for cyber security in an effort to help organizations understand, manage and reduce their risks through customized security measures and cyber attack response and recovery strategies.
One study found that more than 50% of U.S. businesses will use the NIST cyber security framework as a guideline to secure their operations. Each day, our team of cyber experts helps businesses implement best practices using the NIST framework (or other national-level cyber security policies) as a guideline.
With the five elements of NIST’s cyber security framework in mind—identify, protect, detect, respond, and recover—here are a few tips to help you start securing your dental practice.
Identify your risks
The best place to start is by mapping out your threat surface—the set of all parts of a network where vulnerabilities and threats could lead to access by unauthorized users.
Networks are dynamic, constantly growing to incorporate new equipment, data, applications, and users, as your practice's needs evolve. As your network grows to keep pace with your practice, so does your threat surface.
Beyond the obvious culprits like hardware and software, even devices that control the temperature and lighting in your office increase your threat surface, putting you at greater risk and creating new opportunities for unauthorized access.
However, identifying your risks isn't always easy. We suggest a security assessment, something our Field Effect team provides free of charge, to get an in-depth look at your network and its behaviour. The assessment will also identify weaknesses, vulnerabilities, and anything else that could lead to unauthorized access, or worse, a cyber attack.
Protect your dental practice
Protection relies on two things: the right education and the right technology.
A Brigham Research study, with support from Harvard Clinical and Translational Science Center, simulated email phishing tests on employees to evaluate the impact of cyber security awareness training. Through 95 simulated phishing campaigns that produced nearly three million emails, only 14% of employees clicked on the malicious links, which showed an increase in employee awareness and the value of employee training.
With regard to technology, it's important to secure your network with a strong multi-layered defence, including a firewall, a virtual private network, and other web protection. If one layer of security is compromised, your additional layers will protect your data. Update your software and applications regularly to reduce the risk of cyber criminals taking advantage of vulnerabilities in outdated software versions.
Detect cyber security threats
The ability to detect weaknesses, vulnerabilities, and potential threats is a powerful weapon against cyber attacks, yet a recent study shows that half of SMEs are struggling to detect incidents. Other data revealed that more than two-thirds (69%) of SMEs haven’t documented or identified cyber security threats.
Automated, 24/7 threat monitoring and detection offers multiple advantages for building a safer business. It will help you stay ahead of the threats and risks that exist in your network, and also identify where you need to invest in security measures.
Covalence, our cyber security solution, provides sophisticated, purpose-built monitoring capabilities, as well as automated alerts and summaries that prioritize immediate risks and measures that may be needed down the road, allowing you to better plan and budget cyber security. We call these AROs—Actions, Recommendations, or Observations—and they help businesses just like yours continually improve their security health.
The best news is that Covalence is designed to be simple to use and manage, providing threat information you can easily understand and take action on.
Respond to threats
Dental practices must have the ability to respond to cyber incidents and minimize the impact on their operations.
Many small businesses are too busy to tackle cyber security planning, including putting steps in place to respond to a threat, which the cyber security industry calls incident response planning. But this one step can help you get back into operation sooner, save your reputation, and avoid or reduce HIPAA fines.
More than 1,000 SMEs were surveyed last year about incident response and nearly half, 48%, said they have no response plan for a cyber incident. Would you know what to do if you suspect someone has unauthorized access to your systems, and potentially your data?
Recover from an attack
Effective recovery from a cyber attack is critical to restoring your capabilities and any services impacted. There must be a plan in place to coordinate the activities required—including recovery of systems and data, and investigation into the attack and breach to understand how the attack happened and to help improve security in the future.
If you don’t have a recovery plan in place or don’t know the steps to take, you’re not alone—data shows that 43% of SMEs do not have a recovery plan for a cyber security incident.
Communicating to patients and other third parties must also be part of your plan, especially if patient appointments must be cancelled or if personally identifiable information was compromised. According to HIPAA’s breach notification rule, dentists are required to give notification when a breach has occurred that affects patient health information.
It’s important to know and follow the right steps for recovery following a cyber attack—and equally critical to understand how the attack happened so you can prevent another attack in the future.
Secure your dental practice today
There is no time to waste. Data breaches in dentistry aren’t going away any time soon. Fortunately, there are ways to fight back and our team is here to help.
Contact our cyber security experts today and we'll get started on your free 30-minute security assessment.