09.03.2020 Your dental practice is under cyber attack

by Field Effect

See the top risks that put you in danger

Cyber attacks on healthcare facilities have become more lucrative and frequent than ever before, putting every type of provider at risk. Dental offices have become prime targets. Too busy to deal with cyber security? Or maybe you think you’re safe because you hired an IT provider or retained IT support? Think again: IT consultants sometimes lack the cyber security expertise needed to keep your practice secure from today’s malicious threats.

Last December, more than 100 dental practices in Colorado fell victim to ransomware. The attack encrypted critical files — data needed to keep offices open and in operation — leaving dentists to negotiate with the attackers and pay ransoms, rely on IT teams to try to restore files from backups, or worse, face uncertainty over whether they would receive their files back even after ransom payments were made.

Your data is valuable to cyber criminals

The reality is, the patient data you collect, manage, and work with, including health records with personally identifiable information and your financials, is extremely valuable to cyber criminals and they will launch vicious attacks to get to this data. If they’re successful, the data will be stolen, posted publicly or sold, or held for ransom.

You won’t have time for a best defense strategy as the attackers can lock down your computers, preventing access to the data and applications you need to run your business. You will be forced to stop operations and start cancelling patient appointments — that is, if you can locate the phone numbers to contact your patients. Keep in mind, if your office phone system is connected to your network, using your business phone may be out of the question as well.

You may literally spend days, weeks, or months trying to get up and running again to serve patients. Worse than the downtime and loss of revenue, if data is compromised — stolen, shared, posted, or sold — you can expect expensive HIPAA (Health Insurance Portability and Accountability Act) fines.

The damage to your reputation and loss of patient trust may be the biggest hits. One ransomware attack can make it impossible to compete for market share when patients lose trust and choose another provider.

Top cyber risks to your practice

In the first nine months of last year, the number of healthcare facilities targeted by cyber crime increased by 60%. Worse yet, ransomware attacks in the healthcare sector are predicted to quadruple this year.

It’s time to get serious about cyber security and start protecting your business.

Understanding your risks is the best place to start.

Here are five risks that could lead to cyber attacks, security breaches, and significant damage to your practice:

Your data.

The data you rely on to run your practice represents one of the highest cyber risks in dentistry. Patient health records, insurance claims, the financials you manage each day — all of this is attractive to cyber criminals who are focused on making a profit from your data. They will sell and share this information among their criminal networks, or demand payment from dentists in exchange.

In the first half of 2019, more than 31 million patient records were breached in the healthcare sector, with unauthorized access (hacking) causing the majority of the incidents.

Ransomware criminals have also been stepping up their game by using a two-stage extortion technique that not only steals the data on the first attempt, but then blackmails the victims, threatening to post and share the data publicly.

Can you imagine the reputation damage if your patient data was disclosed? A practice may never recover.

Your staff.

According to CSO Online, more than 80% of cyber security incidents are rooted in employee negligence. And the healthcare sector is not immune.

Your staff may not understand that their direct actions and lack of good security behaviors could lead to a cyber attack.

Each day, your staff could unknowingly put your practice at risk. Employees using weak or obvious, easy-to-hack passwords to access software and systems can enable attackers to crack passwords and gain unauthorized access to your network. Does your team frequently change their passwords? Using the same passwords again and again can also lead to easy hacking.

Phishing scams that fool staff into clicking on malicious emails are also high on the risk list. It’s very easy for an employee to open an email and click an attachment or website link without knowing it is malicious. These scams trick recipients into opening links and files, launching ransomware into systems and networks.

Consider this: last August, three American Dental Association (ADA) members received a phishing email signed by the ADA president with the ADA logo. While there was not a link or attachment with malware, this phishing attempt was specifically designed to capture dentists’ passwords — and lead to access to patient records and financials.

In addition to considering digital security, physical security is also important as lost or stolen mobile devices or laptops and iPads can also introduce risk.

Your partners and vendors.

Have you thought about the security of the third-party vendors and other partners you work with and rely on for services? If they are not following best security practices and do not have measures in place to keep their systems secure, that presents an immediate risk to your practice as well.

Last August, two Wisconsin companies that provide online services to dental practices were hit by ransomware, infecting the software that the providers use to connect to their clients’ dental offices. This immediately infected 400 dental practices that had retained the online services.

In the Colorado example mentioned earlier, the source of the ransomware attack on the 100 dental practices was an IT services provider that was hacked and fell victim to a ransomware strain known as “Sodinokibi” or “REvil.” This consequently disrupted operations at the dental clients by quickly installing ransomware on the computers and encrypting their data.

Your cloud applications.

What about the cloud software that you use? While applications that reside in the cloud provide a lot of convenience, there is shared responsibility between you and your cloud services provider for maintaining the security. It’s important to be aware of your responsibility — some providers publish their shared responsibility models online.

Security breaches have often occurred due to IT misconfigurations on the customer’s side. This can include everything from unmanaged or mismanaged permission controls, not selecting or turning on the right controls to protect you, and insecure data storage elements, to simply not understanding how to use and deploy the services.

In the 2019 Capital One breach, among the largest, a hacker gained access to more than 100 million Capital One customer accounts and credit card applications. The hacker had gained access through a misconfigured web application firewall — a reminder of the importance of strong, properly deployed cloud security.

Prevention is the best protection: Get your free consultation

Just as you promote prevention to your patients, prevention matters in cyber security. Ensuring your practice is secure today provides you the peace of mind tomorrow that you will be able to defend against cyber attacks and build a safer practice.

Get started today by speaking with one of our cyber security experts to help you understand how you may be at risk and how we can help. Contact us.

 
