Cybercrime and Your Dental Practice
In an age where digital transformation significantly enhances the efficiency and accessibility of dental practices, the looming threat of cyber-related risks cannot be overlooked. Cybersecurity is no longer an optional investment; it's an essential shield against sophisticated threats targeting health care sectors, including dental practices of all sizes.
Health care is especially vulnerable to cyberattacks because hackers know they can potentially access patients’ protected health information and financial records. Even if your practice does not have a website or make financial transactions online, you can still be at risk simply by using the internet and working in a digitally connected office.
Ignoring the prevalence and complexity of cyberattacks could lead to dire consequences, making safeguarding against cyber risks an essential aspect of modern dentistry.
The most common cyberthreats dental practices — and other businesses — currently face are data breaches, malware and ransomware. Familiarize yourself and your practice team with the very real threat of cybercrime and how it could potentially occur in your practice.
Ransomware
Ransomware cases are considered the top cybersecurity threat for the health care industry. A ransomware scenario occurs when hackers infiltrate a system and block access and then demand a ransom be paid to lift the restriction. Hackers will generally ask for the ransom to be paid via bitcoin or other untraceable digital currency, making funds unrecoverable once distributed.
In a case reported to TDIC’s Risk Management Advice Line, a practice’s software was encrypted by ransomware. Although the dentist paid the ransom demand, he did not receive the encryption key to regain access. Even an outside computer repair technician was unable to recover the data still on the practice’s server. Ultimately, the dentist had to escalate the matter to the police and incurred a significant recovery expense.
Even if the hackers did reestablish access once the ransom was paid, there was no guarantee that the recovered data would be “clean” or intact. Once a system is compromised, there is no assurance that it won’t get hacked again.
Malware and Data Breaches
Another threat to business owners is malware, short for “malicious software,” which can infect computers through intrusive emails, web links and pop-up alerts. The malware can be downloaded without the user’s knowledge to capture private information.
A dentist called the Risk Management Advice Line after discovering her email account was hacked. An email containing an encrypted PDF was sent to 122 of her patients. The email instructed the recipient to download a program to access the PDF. The dentist was concerned that her patients would not realize it was a fraudulent email and would download the program and inadvertently infect their own personal computers. She was advised by the Advice Line analyst to notify her patients of the fraudulent email and establish a new email account as soon as possible to minimize any damages.
The Department of Health and Human Services’ Office for Civil Rights received reports of 707 data breaches within the health care industry in 2022 alone. While this number may not seem alarming, research published by IBM Security found that the average cost of a health care data breach reached almost $11 million in 2023, almost double compared to the cost of breaches in the financial industry.
Proactive Protection
While cybercriminals are becoming more aggressive and infecting more computer systems, simple human error and misplaced trust are still the leading factors in many data breaches. Thankfully, you can take steps to help protect yourself and your practice from cybercrimes.
- Strengthen passwords. Make sure each employee has a unique password that contains a combination of lowercase and uppercase letters, numbers and special characters to deter potential hackers from gaining access. Security experts suggest shifting to a “passphrase.” A passphrase is a password composed of a sentence or combination of words. Passphrases are longer than the average password, making them harder to crack and increasing the overall security of a user’s account. An example of a strong passphrase with a few random words stitched together is “R3dEleph@ntPizzaIsDelicious.”
- Back up your data. You can back up your files and data on a network-attached storage device, portable hard drive, USB flash drive or online through sites like Google Drive, Dropbox and Mozy. It’s a good idea to back up files daily, which will make recovering data easier in the case of cyberattacks or computer system damage.
- Use safety features. Install antivirus and antimalware software for all your devices and update when available. Use an encrypted virtual private network (VPN) when connecting to an unfamiliar Wi-Fi network to ensure a secure connection. These measures will help prevent your data from being compromised.
- Initiate cyber safety protocols. Educate your staff on the latest cyberthreats and include your practice’s cybersecurity policies and training protocols in your employee manual. Employ a multi-user system for the release of sensitive information. For example, make it a policy that two employees must sign off before providing anyone with secure information, such as passwords or file access, to prevent falling victim to a cyber scam and jeopardizing your computer system.
If you have concerns about your dental practice’s risk for cybercrime, reach out to TDIC’s Risk Management Advice Line. A knowledgeable analyst will answer your questions, offer recommendations and direct you to useful resources.
TDIC’s Risk Management Advice Line is a benefit to TDIC policyholders. To schedule a consultation with an experienced risk management analyst, visit tdicinsurance.com/RMconsult or call 1.877.269.8844.