In the fall of 2020, a joint Cybersecurity and Infrastructure Security Agency (CISA), FBI, and U.S. Department of Health and Human Services (HHS) Cybersecurity Advisory issued a warning to healthcare and public healthcare sectors following a spike in ransomware activity. The Advisory explained that the healthcare industry was being actively targeted with the aim of infecting systems with ransomware.
November and December 2020 saw a 45% increase globally to an average of 626 cyberattacks per week on healthcare organizations. Experts say that the healthcare industry is targeted because there is a higher probability that a ransom will be paid than attacks on other industry sectors.
How Does This Relate to Dental Practices?
Why attack a small business like a dental practice? Think of it this way. A home has many doors. A burglar will try each door in an effort to enter the premises. He’ll move from door to door, window to window, etc. until one opens. If he is a pro, he’ll make sure there is no alarm system or security system in place. His goal is to steal, and he'll target homes that have the lowest level of protection. He’s fine with scoring a small heist because it won’t attract much attention. If he robs several large or high-profile homes, he may draw attention to himself. Small dental practices may not have the most up-to-date cybersecurity protection which means one of the doors or windows is more likely to be unlocked.
But let’s not get too far ahead of ourselves. To understand how to be prepared for possible attacks, it is helpful to define the two most common types of threats:
- Ransomware - Malware that encrypts a victim’s files, essentially preventing access to the files. The cybercriminal then holds the data for ransom, not unlocking it until they receive payment.
- Phishing - The act of sending an email or other types of messages (e.g. texts) which appear to be from a legitimate organization. In an effort to prompt a person to click on a link in a message, it is usually combined with a threat or request for information or a link to a topic of high interest.
Cybersecurity Risks Associated with On-Site Servers
In general, there are two distinct areas where practices are vulnerable. Since a cybersecurity event can paralyze your business, you must have an effective data backup and security strategy in place to recover from such an event. Keep in mind that as a healthcare provider the responsibility for cybersecurity is 100% yours. Chances are you didn’t know you were signing up for that when you started your own dental practice.
Second, in their prime, on-site servers were considered the best way to have control over your practice’s records and data. Not anymore. While it’s not hard technically to back up a networked device, there’s plenty of room for human error; and the data itself is likely vulnerable unless you invest time and money to build and maintain a proper data security strategy.
Why More Dentists Are Moving to Cloud Technology
The right attitude about cybersecurity is to have a “when I get attacked,” versus “if I get attacked” mentality. The attack vectors change all the time and as the recent Colonial Pipeline incident proved, one person clicking on a malicious link in a phishing attack is the equivalent to letting someone follow you through a locked and guarded door.
Moving to the cloud with the right partner will minimize your risk of patient data breaches and reduce your cost for the hardware and software necessary to manage your practice. On top of these benefits, the cloud alleviates server-based technology issues that cost you time and money. Operating from the cloud enables practice management software companies like Curve Dental to continuously integrate the latest security technology for you, ensuring your data is always safe. In addition, security concerns aren’t what they used to be, and studies confirm the cloud is safer than storing information on-premise. Salesforce.com reports that 94% of businesses experienced an improvement in security after moving to the cloud.
Dental practices that move to the cloud are less vulnerable to cyberattacks and can protect themselves much more cost-effectively than those who use a server-based system. Given the recent uptick in attacks against dental practices, that’s considerable peace of mind.
Having the right defenses is of paramount importance, but of equal importance is recoverability. Be aware that having a backup is not enough. Recoverability is one of the most important reasons to go with a cloud provider. Even if someone internal or an external attacker deleted all of your data, having a partner like Curve Dental can help you recover quickly because of the security programs in place and regular testing of the ability to restore customer data.
Steps You Can Take Immediately to Protect Yourself and Your Practice
- Take a multi-tiered approach to security.
- Send regular cybersecurity awareness communications to your staff and include security in new employee onboarding.
- Train your staff on intentional and diligent password management and eliminate duplicate passwords.
- Use a password manager with two-factor authentication – Keeper, LastPass, 1Password, Dashlane.
- Create complex passwords (or let the password manager do it) and rotate them regularly.
- Use two-factor authentication whenever possible, especially with financial institutions.
- Do not use memory sticks unless you bought them. Malware can be placed on a stick planted by a cybercriminal and you’ll never know it until it is too late.
- Do not text, email, or share passwords.
- Do not click on links in emails and messages –go to the sites of interest.
- Do not give your personal information to people that contact you – by phone, email, web or other means. You should always be the one to initiate the contact.
- Keep your technology systems patched and updated with the most current security software.
- Use your technology in the office only for the office. Make it a policy not to allow online shopping from any of your practice’s computer.
Download and use this guide:
Cybersecurity - Steps to Protect Your Practice.
The Curve cloud-based platform enables sole proprietors and mid-size organizations to get enterprise-class cyber security protection at a fraction of the cost of doing it yourself. Curve can help remove the security burden from your shoulders and help protect you from ransomware attacks that can devastate your practice.
To learn more, schedule a Curve Dental demo.