Safeguard your Dental Practice Data from Cyber Threats
October 12, 2023
TDIC’s Risk Management experts offer simple steps you can take now to shield your practice and patient data from the rising threat of cyberattacks.
What do Anthem, Yahoo, LinkedIn and JP Morgan Chase have in common? If you guessed that they were all victims of some of the world’s largest data breaches, you’d be correct. From insurance carriers to retailers, financial institutions to the U.S. military, all organizations that have an online presence are subject to cyber-related risks and the reputational damage and loss of consumer trust that follow.
Unfortunately, not all businesses can recoup what they lose from cyberattacks. Major corporations can usually recover any losses as they have the financing, in-house skills and manpower to address the problem and recover lost data. But small businesses aren’t always as equipped to respond.
Dental Practices are Vulnerable
The health care industry is especially vulnerable to cyberattacks as hackers know they can access both patients’ protected health information (PHI) and financial records. Even if your practice does not own a website or make financial transactions online, you can still be at risk simply by using the internet and working in a digitally connected office.
The most common cyberthreats businesses currently face are data breaches, malware and ransomware.
Ransomware
Ransomware cases are considered the top cybersecurity threat for the healthcare industry by. A ransomware scenario occurs when hackers infiltrate a system and block access and then demand a ransom be paid to lift the restriction. Hackers will generally ask for the ransom to be paid via Bitcoin or other untraceable digital currency, making funds unrecoverable once distributed. Ransomware was notably used in an attack on the American Dental Association in 2022.
In a case reported to The Dentists Insurance Company’s Risk Management Advice Line, a practice’s software was encrypted by ransomware. Although the dentist paid the ransom demand, he did not receive the encryption key to regain access. Even an outside computer repair technician was unable to recover the data still on the practice’s server. Ultimately the dentist had to escalate the matter to the police and sustained a significant recovery expense.
Even if the hackers had restored access once the ransom was paid, there would have been no guarantee that the recovered data would be “clean” or intact. Once a system is compromised, there is no assurance that it won’t get hacked again.
Malware and Data Breaches
Another threat to business owners is malware, short for “malicious software,” which can infect computers through intrusive emails, web links and pop-up alerts. The malicious software can be downloaded without one’s knowledge and capture private information.
A dentist called the TDIC Risk Management Advice Line after discovering her email account was hacked. An email containing an encrypted PDF file was sent to 122 of her patients. The email instructed the recipient to download a program to access the PDF. The dentist was concerned that her patients would not realize it was a fraudulent email and would download the program and inadvertently infect their own personal computers. She was advised to notify her patients of the fraudulent email and establish a new email account as soon as possible to minimize any damages.
The Department of Health and Human Services’ Office for Civil Rights (OCR) received reports of 707 data breaches within the healthcare industry in 2022 alone. While this number may not seem alarming, research published by IBM Security found that the average cost of a healthcare data breach reached almost $11 million in 2023, almost double the cost of breaches in the financial industry.
Proactive Protection
While cybercriminals are becoming more aggressive and infecting more computer systems, simple human error and misplaced trust are still leading factors in many data breaches. Thankfully, there are steps you can take to help protect yourself and your practice from cyber risks.
Strengthen passwords. Make sure each employee has a unique password that contains a combination of lowercase and uppercase letters, numbers and special characters to deter potential hackers from gaining access.
Back up your data. You can back up your files and data on a network-attached storage device, portable hard drive, USB flash drive or online through sites like Google Drive, Dropbox and Mozy. It’s a good idea to back up files daily, which will make recovering data easier in the case of cyberattacks or computer system damage.
Use safety features. Install antivirus and antimalware software on all your devices and update it whenever updates are available. Use an encrypted virtual private network (VPN) when connecting to an unfamiliar Wi-Fi network to ensure a secure connection. These measures will help prevent your data from being compromised.
Initiate cybersafety protocols. Educate your staff on the latest cyberthreats and include your practice’s cybersecurity policies and training protocols in your employee manual. Employ a multi-user system for the release of sensitive information. For example, make it a policy that two employees must sign off before providing anyone with secure information, such as passwords or file access, to prevent falling victim to a cyberscam and jeopardizing your computer system.
If you have concerns about the security of your practice systems or need assistance with any other practice challenge, reach out to TDIC’s Risk Management Advice Line for guidance and resources.
TDIC’s Risk Management Advice Line is a benefit to TDIC policyholders. To schedule a consultation with an experienced risk management analyst, visit tdicinsurance.com/RMconsult or call 1.877.269.8844.