Whilst cyber assaults are often seen as a concern for governments and large corporations, dental offices may be just as susceptible due to their sometimes weak security measures. According to Cameron Cooper, Aylin Najarian understands how terrible it can become when a dental office is the target of a ransomware assault.
She remembers the emotional and financial repercussions she had when working in a prior position for another clinic that was victimised by scammers. She is now the practice manager at The Dental Practice in Burwood, Sydney.
She said that they arrived one morning and there was nothing on our computers. They lost all patient and staff data, as well as X-rays, booking, scheduling, and treatment information. They stole everything.
The practice's startled owner agreed to pay the fraudsters $20,000 to unlock the data, only for the cybercriminals to demand additional money. Management eventually enlisted the help of a cybersecurity company, but the experience took approximately six months to resolve, and several stressed-out employees and patients departed the clinic.
Najarian adds that they really believed that they could recover all of that data. However, the con artists simply demanded more and more money.
Complacency may cost you a lot of money
The experience of Najarian's previous practice, which she declined to identify, serves as a warning that adopting a "this can't happen to me" attitude has a number of dangers.
Smaller companies, such as dentistry offices, are attractive to hackers because they are lucrative and contain significant patient data, but they seldom have in-house cybersecurity personnel or sophisticated anti-fraud processes.
Andrej Petkovski, the founder of Osmicro Network, a technological solutions company that works with a number of dental offices, said that they're an easy target. Unlike bigger companies, they generally lack cybersecurity strategies and resources, therefore there is less emphasis on risks.
The following are the most serious cyber threats to dentistry practices:
Ransomware is malware that infects a computer or device and prevents users from accessing it until a charge is paid. Encrypt all data and check devices for viruses and ransomware using a virtual private network, or VPN.
Phishing occurs when fraudsters send emails posing as legitimate businesses in order to obtain money or personal information. Maintain up-to-date anti-virus software and encrypt data.
Malware is harmful software that is implanted in computers that allows it to gain access to or damage a computer or device without the victim's awareness. Install antivirus software and remind employees not to click on dubious sites or download suspicious documents.
Business email compromise occurs when fraudsters get access to a victim's email account and mislead them into transferring money or sensitive data to the fraudster's account. Educate workers to be wary of shady communications.
Whilst there are specialised technological solutions to assist dental offices, Petkovski recommends a three-step strategy to risk management.
To begin, develop a mentality that recognises cybersecurity risks are real and that the practice must safeguard its patients. Second, choose technology solution providers that have a demonstrated track record of helping dental offices and can do a thorough security and network audit as a starting point. Third, instead of depending on a friend or family member to maintain IT networks, put aside a little amount for best-practice cybersecurity and IT setups.
Petkovski claims that by using current software applications, strong security defenses may be implemented at a low cost.
Dentists and other small company owners have the notion that cybersecurity is expensive and that they must purchase all of these expensive firewalls, which is false. Microsoft software on your computer already provides 95% of the services you need. All you have to do is know how to use them correctly.
Dr. Craig Duval, owner of Sherwood Dental in Brisbane, has taken concrete efforts to safeguard his practice and customers, including outsourcing IT assistance to Teamwork Technology and implementing cybersecurity measures.
Staff, for example, are informed of rigorous email procedures as part of their inductions. Only PDFs, Word documents, and Excel spreadsheets from trustworthy sources may be opened. Dr. Duvall said that he was not suggesting that personnel will never break that regulation, but they are aware of the guidelines.
Along with standard firewall protection and server checks, the practice does daily backups to a local disk and the cloud. It also runs recovery tests on a regular basis to verify that backups can be recovered.
Sherwood Dental has business insurance that covers ransomware attacks, but it does not keep credit card information in patient files. Dr. Duval has his staff print out daily patient reports and maintains physical copies of HICAPS slips and patient payment information as an extra layer of security in case of a digital data breach.
Dr. Duval said that such steps offer peace of mind, and a head-in-the-sand attitude is loaded with danger.
Prevention is the best medicine
A variety of typical activities may expose dentistry offices to cyber dangers. Data may be compromised, for example, by leaving a USB stick with business information at a bar or restaurant, or by allowing minors to use a laptop or smartphone. Similarly, employees who work from home may jeopardise security if they transmit sensitive business information through an open email platform such as Gmail or Hotmail without adequate security safeguards.
Petkovski said that in addition to external hacking risks, dental offices must be mindful of the danger that their own employees may pose—either via lack of proper cyber safety measures or by malevolent acts in which staff remove data and pass it on to another practice. “Humans are the most vulnerable.
His team performs frequent phishing tests with customers, sending out fake emails to see who clicks on them. The goal is not to punish offenders, but to educate them.
When Najarian joined The Dental Practice in 2018, she brought on Osmicro to manage the practice's IT and cybersecurity operations. One of the basic but effective steps it has implemented is requiring each employee to have their own log-in credentials for computer and email access in order to limit the kinds of data or information they may download.
Najarian said that all it takes is one staff member to do the wrong thing or click on the incorrect email for us to have a problem.
Despite the fact that her new business has had no cyber problems, Najarian encourages other practices to take the danger seriously.
Najarian said that the message is that it is worthwhile to work with an expert cybersecurity firm that can protect your data.
