
March 9, 2020

Are cyber attacks a concern for dental practices?


Cyber attacks on healthcare facilities have become more lucrative and frequent than ever before, putting all providers at risk—yes, even dental offices.

A few years ago, more than 100 dental practices in Colorado fell victim to ransomware. The attack encrypted critical files, leaving dentists to negotiate with the attackers and pay ransoms, or work with IT teams to restore data from backups.

Cyber criminals know that dental offices are busy places that rely on managed service providers for traditional IT support. Unfortunately, very few IT providers have the cyber security expertise needed to keep organizations secure from today's malicious threats. 

It’s time to get serious about cyber security and start protecting your business. Understanding your risks is the best place to start.

Attackers want your dental practice's data

The data you rely on to run your practice is one of the biggest cyber risks in dentistry. You collect, manage, and work with tons of patient data, including patient health records, insurance claims, and financial information.

These types of data are extremely valuable to cyber criminals, who can profit by selling the files or holding them for ransom.

In the first half of 2019, more than 31 million patient records were breached in the healthcare sector, with unauthorized access (hacking) causing the majority of the incidents.

Ransomware criminals have also turned to a two-stage extortion technique where they steal the data and then continue to blackmail the victims by threatening to post and share the data publicly.

Dental staff represent a major cyber risk

According to CSO Online, more than 80% of cyber security incidents are rooted in employee negligence. And the dental industry is not immune.

Your staff may not realize that their actions (or inactions) could lead to a cyber attack. Employees using weak, reused, or easily hackable passwords for company accounts may be providing a direct entryway for attackers hoping to gain unauthorized access to your network.

Attackers will also deliberately target employees with phishing scams. It takes only one instance of an employee clicking on a malicious email, or opening an attachment or website link, to unknowingly introduce malware into the network.

For example, three American Dental Association (ADA) members received a phishing email signed by the ADA president with the ADA logo. While there was not a link or attachment with malware, this phishing attempt was designed to capture dentists’ passwords, ultimately in an attempt to access patient records and financials.

Dental offices at risk of supply chain attacks

A supply chain attack occurs when a cyber criminal accesses your organization through a third party with some degree of access to your systems. Attackers take advantage of the trusted relationships between partners and vendors by targeting a less-secure company and moving laterally.

Have you thought about the security of the third-party vendors and other partners you work with and rely on for services? If they are not following best security practices and do not have measures in place to keep their systems secure, that presents an immediate risk to your practice as well.

Two Wisconsin companies that provide online services to dental practices were hit by ransomware, infecting the software that the providers use to connect to their clients' dental offices. Soon enough, 400 dental practices that retained this online server were also infected with the ransomware.

Consider the cloud-based services you use

What about the cloud software that you use? While applications that reside in the cloud provide a lot of conveniences, there is shared responsibility between you and your cloud services provider for maintaining your security. It’s important to be aware of your responsibility—some providers publish their shared responsibility models online.

Security breaches have often occurred due to IT misconfigurations on the customer’s side. These can include unmanaged or mismanaged permission controls, failing to select or turn on the right controls to protect you, insecure data storage elements, or simply not understanding how to use and deploy the services.

In the 2019 Capital One breach, among the largest, a hacker gained access to more than 100 million Capital One customer accounts and credit card applications. The hacker had gained access through a misconfigured web application firewall—a reminder of the importance of strong, properly deployed cloud security.

Prevention is the best protection

In cyber security, prevention is the goal. If a cyber attacker locks down your computers, you may not have access to the data and apps you need to run your business. You may have to stop operations and cancel appointments. You may literally spend days, weeks, or months trying to get up and running again to serve patients.

Besides the downtime, you may face expensive regulatory fines if the attacker steals, shares, posts, or sells any private data. The damage to your reputation and loss of patient trust may be the biggest hits, especially if the incident pushes your patients to choose a new provider.

Just as you promote prevention to your patients, the same principle applies to cyber security. Ensuring your practice is secure today provides you peace of mind that you will be able to defend against cyber attacks and build a safer practice.

Get started today by speaking with one of our cyber security experts to help you understand how you may be at risk and how we can help.