Your Practice is Required to Protect Patient and Employee Information:
- HIPAA: Requires a dental office to safeguard personal health information (PII) of patients.
- State Privacy Laws: Require a dental practice to safeguard the financial information of employees and patients.
Your Practice is Heavily Reliant on Computer Hardware and Software:
Source: How the evolution of the dental industry has invited cyberattacks, DentistryIQ, April 23, 2020
These Systems are Subject to a Growing Risk of Cyber Attacks:
- 43% of cyberattacks target small business[1]
- Healthcare-related breaches – which have climbed for the past five years – affected over 22.6 million patients in 2021[2]
- Breaches can lead to ransomware, which is designed to hold entire computer systems hostage. Ransomware has brought down healthcare computer systems for weeks, has gone after cloud remote management services involved in hundreds of dental offices, and was even used in an attack on the ADA in April 2022.[3]
- The cost of a breach in the healthcare industry has gone up 42% since 2020. In 2022, the average cost of a ransomware attack was more than $4.5 million.[4]
- In 2022, it took an average of 277 days to identify and contain and breach[5]
The Following are Best Practices[6] for Cybersecurity. How Prepared Are You?
- Maintain offline, encrypted backups of critical data. (Note that automated cloud backups may not be sufficient because if local files are encrypted by an attacker, these files will be synced to the cloud, possibly overwriting unaffected data.)
- Conduct regular vulnerability scanning to identify and address vulnerabilities.
- Regularly patch and update software and operating systems to the latest available versions.
- Ensure all on-premises, cloud services, mobile, and personal (i.e., bring your own device [BYOD]) devices are properly configured and security features are enabled
- Use security products or services that block access to known ransomware sites on the internet.
- Encrypt all data at rest and in transit (e.g., emails).
Consider Retaining a Managed Service Provider, which can:
- Assess your cybersecurity posture
- Describe vulnerabilities
- Identify and prioritize opportunities for improvement
- Implement controls and continually monitor and manage your network
[1] Small Business Trends LLC. (2020, March 10). 43% of Cyber Attacks Still Target Small Business – Ransomware On Rise. Small Business Trends. (https://smallbiztrends.com/2019/05/2019-small-business-cyber-attackstatistics.html)
[2] https://expertinsights.com/insights/healthcare-cyber-attack-statistics/
[3] https://www.agd.org/constituent/news/2023/02/21/cybersecurity-current-best-practices
[4] IBM Cost of Data Breach Report 2022 (https://www.ibm.com/reports/data-breach)
[5] Ibid
[6] National Institute of Standards and Technology (NIST)’s guidance, as cited by the ADA. (https://adanews.ada.org/ada-news/2021/may/nist-offers-tips-to-help-avoid-ransomware-attacks/?_ga=2.13923831.1392564583.1687437294-786528910.1678711623&_gac=1.83752036.1684149855.Cj0KCQjwsIejBhDOARIsANYqkD2tce7MpyzyJnYpFbjlMNGa6kekUmsRH-Zalx1EHyUWcOGUfEn-zvAaAglgEALw_wcB&_gl=1*dves7y*_ga*Nzg2NTI4OTEwLjE2Nzg3MTE2MjM.*_ga_NJ0EYRGSL1*MTY4NzQzNzM2OC4xMjIuMS4xNjg3NDM3NDAyLjI2LjAuMA..*_ga_X8X57NRJ4D*MTY4NzQzNzM2OC42MS4xLjE2ODc0Mzc0MDIuMC4wLjA.; #StopRansomware Guide, Multi-State Information Sharing & Analysis Center, May 2023 (file:///C:/Users/rlkan/Downloads/StopRansomware_Guide_508c.pdf)
Leave a Reply