Greg Tanner, Chief Security Office of Cynthetic Systems, discusses the reasons for protecting against cyberattacks to your patient files.

When we ask dentists what they do for dental cybersecurity in Denver, they often say, “My IT company handles that.” IT companies are not cybersecurity companies. IT organizations typically partner with a cybersecurity company to independently audit its work. It is extremely critical to understand that IT companies cannot audit their own work. It takes the expertise and knowledge of a cybersecurity company to help ensure the security of the network.

In speaking with numerous dentists, it is apparent that ransomware attacks have been impacting this community. The unfortunate mistake that practitioners make is that they have their IT company “clean it up and restore their data.” What if, as part of or prior to the attack, a practice’s data was stolen from their network and is being bought and sold on the Dark Web (the black market of hackers), and the practice did not report the breach to the Office of Civil Rights (OCR)? The practice could be subject to massive fines for the lack of reporting. If a dentist’s office falls victim to a ransomware attack or other possible breach, there are steps that the practice and its IT company must follow to determine if electronic protected health information (ePHI) was compromised. This often involves hiring a forensics company and working with a cybersecurity company to harden the practice’s infrastructure. What we have typically seen is that if you were the victim of an attack once, you will mostly likely be a victim again because of vulnerabilities in your network that enabled the attack vector or payload to infiltrate your system. To recover from the attack, you cannot simply restore your data and hope for the best.

The internet is necessary for most dental offices to function, but it also can lead to problems if security isn’t set up correctly. Greg Tanner states, “I consider the internet a super high crime neighborhood.” The proper protection starts with setting up security that keeps the hackers out.

Data accessed via your practice management software drives your appointment scheduling, billing, clinical processes like digital x-rays, and your use of electronic medical records (EMRs) and electronic health records (EHRs). That same data that’s available to you and your workflows is also vulnerable to cyber-attacks.

Sophistication increases the need for equally sophisticated cybersecurity for dental practices

It’s common to assume that your internet firewall or your anti-virus software is enough of a safeguard for your sensitive data. But have you considered that if those protections were adequate why are data breaches more common than ever?

To secure your network and combat against these sophisticated attacks, a dentist needs to implement key pillars of dental cybersecurity. These pillars are Cybersecurity Audit, Cybersecurity Awareness Training, and MDR (Monitor, Detect, Response) Implementation.

“You have spent years to become a dentist, growing and building your practice, your reputation, and your patient’s trust. The risk of a data breach is real, and you should not be passive.”

 

The Cybersecurity Audit of your cybersecurity protocols.

Such an audit will most often require third party assistance. Dental Cybersecurity firms are equipped to work in tandem with the person responsible for your practice IT or with the outside IT firm you use.

Cynthetic Systems professionals will do a broad fly-over of your practice’s IT landscape. Their related inquiries will include questions about…

  • Your location and process for data storage
  • Your systems for protecting your data
  • Who has access to your data and how access is gained
  • Your onsite team members and those working remotely
  • Your relationship with billing companies and their log-in access to your dental practice network
  • Your team’s use of portable storage devices that contain electronic protected health information (ePHI) and that could be lost or stolen
  • Your data encryption technology that protects ePHI

Cybersecurity Awareness Training.

Keep in mind that data network vulnerabilities are common. But the most common vulnerability is those who actually use the network – you and your team!

The human factor is a key source of data breaches.

” Social engineering, often referred to as ‘hacking the human,’ is the most prominent threat vector impacting practices and is often the least discussed.”

Hackers are drawn to human error. Their ransomware attacks are often designed and deployed to fool an email recipient.

For example, an email could be sent to a team member using your address. An unsuspecting click on a link within the email would then execute a file download that initiates a ransomware attack on your server and files. Such a hacking incident should then be reported to law enforcement.

A cybersecurity audit is effective to mitigate breaches and inform you and your team of related vulnerabilities. The HIPAA Security Rule is in place to require practices to take advantage of cybersecurity awareness training.

Audits and training focus on IT system strength and how to avoid human error.

Cybersecurity data reveals that healthcare organizations (including dental practices) experience a 50% to 75% reduction in cyber-attacks as a result of properly training their staff.

System tools can be deployed during a cybersecurity audit. The tools scan for vulnerabilities, gather essential information about your IT network, and run vulnerability tests.

Discovered data is provided to your practice’s IT company or designated IT person. The system can then be more effectively “locked” to prevent further breaches.

It’s recommended that system testing be conducted on a quarterly basis. And on occasions when you upgrade, modify, or add new network devices or capabilities.

 

Manage, Detect and Respond Implementation.

What Is Managed Detection and Response (MDR)?

MDR services are designed to quickly detect threats and improve a dentist office’s response once compromises have been found. The solutions deliver an operational capability to organizations that often lack the resources to build it themselves. MDR is advanced threat management that helps visualize, detect, and eliminate threats to the network in real-time. Managed Detection and Response (MDR) offers the technology and expertise needed to stop threats that have bypassed other security controls.

MDR providers offer organizations a full capability that doesn’t require a dozen individual investments and months to years of implementation. Most MDR providers are priced significantly below what it would cost an organization to build internally.

MDR solutions work. They accurately detect threats ranging from malware to advanced attackers and support customers to ensure threats are addressed. Organizations that enlist an MDR provider have a reliable partner who stands by their side to defend against the worst types of threats.

MDR can give you deep insight and actionable intelligence into traffic across your network, as well as

Get a Consult: Dental Cybersecurity

Greg Tanner is the CSO of Cynthetic Systems. Cynthetic Systems specializes in detecting and responding to advanced threats. Are you having difficulty putting an efficient cybersecurity plan in place? We can help solve this frustrating and dangerous problem.

https://temphygienistaurora.com

https://temphygienistparker.com