Hackers are increasingly targeting dental practices, eager to access the wealth of private patient information on their networks. Not only are these cyberattacks occurring more frequently, but they have also become more severe, with devastating consequences for dental offices. Hackers are looking to break into the networks of dental practices of all sizes using ransomware or other types of cyberattacks to gain access to information that can be used for blackmail or identity theft.
But why dental practices? Dental records are being singled out by cybercriminals due to the wealth of important information they provide. Your office likely stores critical data such as patient names, addresses, dates of birth, Social Security numbers, health history forms, and family member information, as well as scans of driver’s licenses, insurance cards, 2-D and 3-D images, lab reports, and more. To hackers, this information is a treasure trove of data and more than enough to encourage identity theft. Hackers also often sell this information on the dark web.
Understanding the Threat of Potential Cyberattacks
Many dental practices are unaware of cybersecurity measures and assume that their IT team handles them. Meanwhile, hackers are constantly using more and more advanced methods to steal data. Clearly, the days of relying on firewalls and antivirus software to deter hackers are over. If these devices were effective enough to protect your practice’s data, there would be no data breaches. Unfortunately, as hackers become more sophisticated, they can now deploy tools that completely disable antivirus software and allow unauthorized access to your network.
If a hacker successfully infiltrates your dental practice’s network, it’s imperative to understand the type of attack that has been used. Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid to the hacker, while malware is software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.
Both of these attacks can be achieved when hackers break into your network through vulnerabilities—your “unlocked doors and windows”—a process that can take just minutes. In addition, they can gain access to your data through any type of device with an IP address, including workstations, laptops, servers, printers, digital picture frames, VoIP phone systems, smart TVs, and security cameras.
Increasingly, dental practices are also being targeted after their IT companies are hacked first. After gaining access to the company’s data on its clients, including your dental practice, you can become the next target. Just last year, the FBI and Department of Homeland Security warned IT vendors that Advanced Persistent Threat Actors are targeting IT firms to exploit information from their clients. If your IT vendor stores data such as your IP address, usernames, and passwords, a breach could allow cybercriminals to easily and quickly access your entire network.
Educating Staff about Cybersecurity Red Flags
Most dental professionals are unaware that cybersecurity awareness training is one of the requirements of HIPAA compliance. Arming your staff with basic knowledge about the warning signs of cybersecurity threats is a necessity, not a luxury.
Cybercriminals often target dental practices through phishing or spear phishing campaigns. These efforts consist of the hackers sending targeted emails to practice staff members with the intent of getting someone to click on a link or attachment or give up the credentials to your network or email system.
It’s crucial that your staff is educated about identifying suspicious emails and attachments. Remember, hackers are getting highly creative to trick people into opening these emails and/or attachments, also known as “hacking the human.”
For example, reading the sender’s email address carefully is very important, as hackers will send an email that appears to be from a familiar name, but they have changed a single letter or number. Everyone in the practice should be taught how to look out for these subtle differences, including attachments ending with “.exe” instead of “.doc,” before clicking or downloading. If opened, these items can be used to steal usernames and passwords.
Staff members must be wary of these hacking attempts, as cyberattacks can be extremely debilitating. The potentially disastrous effects of a cyberattack include a major loss of productivity and business continuity, loss of trust by patients, and a negative reputation in the community. Monetary losses resulting from these incidents can be devastating to your practice.
Taking Steps to Prevent Cyberattacks
It’s important for your dental practice to take defensive measures to help protect your network and critical patient data. IT companies are not cybersecurity companies. You need the knowledge and expertise of cybersecurity experts to ensure your network is safe. A qualified cybersecurity company will take action that:
- Audits existing policies and procedures
- Provides quarterly vulnerability scans of your network
- Conducts employee training to educate staff on the latest threats and how to prevent them
- Conducts penetration testing on your network using an ethical hacker.
Protect your data and your practice’s reputation by being proactive about your dental practice’s cybersecurity efforts.
Mr. Salman is CEO of Black Talon Security, a company based in Katonah, New York, specializing in cybersecurity solutions and HIPAA compliance for dental and healthcare companies. He has more than 27 years of experience in dental information technology and software design. He also lectures locally and nationally on cybersecurity and HIPAA.
Dental Practices Face Grave Cybersecurity Threats
Healthcare Data Breaches Reach Record High in April
Four Ways Your Competition Values Security More Than You Do