by Gary Salman
It seems that you can’t turn on the TV or visit your favorite news website without reading about how cyberattacks and ransomware are crippling businesses and healthcare entities across the United States. Unfortunately, dental practices are now becoming the victims of similar attacks. We often hear dentists say, “Why would they want to come after my practice?” Your practice is being targeted because of the vast amount of data you store. In addition, we are now seeing scenarios where dental practices are targeted because their IT company or even their accountant’s office was hacked and the criminals then use this data to attack or target their practices. It is important to understand that the days of simply relying on firewalls and antivirus software to keep hackers out of your network are over. If these devices were so effective at protecting your data, there would be no data breaches. With the continued sophistication of hackers, they can now deliver payloads that completely disable your firewall and allow unauthorized access to your network.
Cybercriminals are targeting practices through Phishing or Spear Phishing campaigns. The hackers will send blanket or targeted emails to you and your staff with the intent of getting someone to either click on something or give up the credentials to your network or email system. We have seen many instances where a practice’s email system gets hacked and the hackers then send out emails to the practice’s patients with malware attached to them. The debilitating effects of a cyberattack include loss of productivity and business continuity, lack of trust by your patients and referrals, and negative PR in the community where you worked so hard to build your reputation. Imagine opening an email and clicking on what appears to be an invoice and then getting hit with ransomware or malware.
Hackers are also breaking in through vulnerabilities (“unlocked doors and windows” on your network) or, even worse, through your IT vendor. You can no longer rely solely on your IT company to protect your network. IT companies are not Cybersecurity companies. You need the knowledge and expertise of a specialist in Cybersecurity to help ensure the security of your network. Hackers can scan your network for vulnerabilities in a matter of minutes and then identify and exploit these vulnerabilities in order to gain access. This approach in the dental space is much more common than you may imagine. The FBI and Department of Homeland Security posted a bulletin in the Fall of 2018 warning IT vendors that Advanced Persistent Threat Actors (APTs) are targeting IT firms in order to exploit their information to attack their clients. Since your IT vendor typically stores your IP address, user name and password in their database, a breach will give the cybercriminal the “keys to your castle”.
Make sure to take defensive measures to help protect your network and critical patient data. It is important to work with a qualified Cybersecurity company who can: (1) perform an audit of your existing policies and procedures, (2) provide you with quarterly vulnerability scans of your network, (3) conduct live employee training to educate your staff on the latest threats and learn how to prevent them and, (4) have penetration testing conducted on your network.
You don’t have to be the next victim of a cyberattack if you take action now.
For more details on how to avoid implanted malware from becoming a practice nightmare, read another article by Gary Salman.