Highly skilled people obtain access to valuable information. Then, they either sell it to the highest bidder or ask you to pay to regain access to it. The vast majority of us (in North America in particular) trust our health professionals, whether public or private, to keep our information secure.
Having said that, the healthcare industry is usually a late adopter of technology and, therefore, of technological safeguards as well. This technical averseness combined with the abundance of sensitive information makes healthcare a prime target for hackers, spammers, and other cybercriminals.
Symantec, a world leader in cybersecurity, recently released its Internet Security Threat Report, which outlines cybercrime statistics and shows today’s increased risk to small businesses. For example, employees of smaller organizations were more likely to be hit by email threats including spam, phishing, and email malware than those in large organizations. It makes sense, considering that smaller organizations have fewer resources and budgets to maintain high security standards.
Dental clinics face a double-jeopardy scenario. A dental clinic is a small business with limited security resources, yet it also possesses sensitive and valuable information. It is a gold mine for cybercriminals.
Also, the Symantec report indicates that there is an increase in malware, where scammers use Microsoft Office attachments (mostly Word documents and Excel spreadsheets). These documents, once opened, run specific scripts that infect your computer and possibly even your entire network.
The best advice to you and your staff is to not open these files. As a matter of fact, even an email shown in HTML format in Outlook can run malicious scripts. My Outlook has been configured to open emails in plain text only, which disables these scripts from running automatically when a preview of the email is viewed in the right pane.
DataBreaches.net and other sources reported several significant healthcare data breaches and ransomware incidents in February:
- In Australia, malware locked up 15,000 medical files at Cabrini Hospital as hackers demanded a ransom for them.
- In Nebraska, a third-party vendor’s infected device introduced a virus into CHI Health’s network.
- In Connecticut, an eye doctor’s office had to notify its almost 24,000 patients about the breach caused by a ransomware attack.
- In Minnesota, an infertility clinic reported that it was the target of a malware attack that may have exposed its clients’ personal information.
- Also in Connecticut, an unauthorized third party accessed employee email accounts to potentially breach the privacy of 326,000 patients and others at UConn Health.
- In Washington, an error exposed the protected health information of 974,000 patients at University of Washington Medicine for three weeks.
- In Sweden, the recordings of 2.7 million phone calls to a national health service hotline were stored on an publicly accessible and unencrypted system.
- In Mississippi, Memorial Hospital at Gulfport suffered a phishing incident that exposed the information of 30,000 patients.
- In Indiana, an employee of Valley Professionals Health Care responded to a phony email and put the information of more than 12,000 patients at risk.
- In Kentucky, an unauthorized access or disclosure incident involving a former employee and electronic medical records at the Kentucky Counseling Center impacted 16,440 patients.
These incidents show how cybercrime can occur within your organization. Employees consciously or unconsciously exposing health information is a real threat and must be dealt with through training and monitoring. It is one thing to let your patients know that you have been a victim of a third-party malicious hacker, but it is a completely different thing to tell them that one of your employees compromised their data.
When we look into the near future, we look up to the sky. “The cloud” is where everything is going. It is the future location of all your information. It is scalable and allows built-in security features that would be cost-prohibitive to you otherwise.
However, cybercriminals will find creative ways to disrupt the cloud infrastructure and leverage it for financial gain. This is why it is important to ensure that the organizations you are working with, whether they are in government or in the private sector, have proper security measures, safeguards, and disaster recovery plans. Keep in mind that you may be able to make a physical copy of your data from your server today, but when your data is on the cloud, that option won’t be easily available. So if a third-party vendor has lost access to your data, it is lost forever.
The more we use computers and the more centralized data centers store health information, the more these relentless cybercriminals will keep trying to obtain access to your Social Security number, credit card information, and health records. This threat is not going away. It is just becoming more mainstream with every passing day.
As the leader of your dental practice, it is up to you to educate yourself and your team. You can only avoid a danger if you are aware that it exists. Moreover, if disaster happens, you must know how it needs to be handled to minimize its impact. Keep educating yourself every day about cybersecurity if you want to protect yourself in this rapidly evolving world.
Mr. Zlatin, author of Responsible Dental Ownership (alexzlatin.com), had more than 10 years of management experience before he accepted the position of CEO of dental practice management company Maxim Software Systems, which helps struggling dental professionals take control of their practices and reach the next level of success with responsible leadership strategies. He earned his MBA at Edinburgh Business School and a BSc in technology management at HIT in Israel.
Don’t Let Data Breaches Imperil Your HIPAA Liability
How to Protect Your Dental Practice and Patients from a Data Breach
Beef Up Your Practice’s Email Security