Just as you wash your hands regularly so you don’t get sick, it’s critical to adopt good habits of ‘digital hygiene’ to prevent cyber attacks on your practice. The ‘illness’ threatening your practice is called malware. Malware is an umbrella term for any malicious software criminals use to steal your or your patients’ data.
Ransomware, a particularly sinister malware, burrows into your system and begins encrypting all your data so you can’t access it. Then a cybercriminal holds your data for ransom, demanding you pay a large sum of money, often ranging from $300,000 to more than $1 million, before they will give you access to your own files.[1] Attacks skyrocketed in 2020, with one research group estimating the total cost to healthcare providers at nearly $21 billion. The number of compromised patient records in the 2020 attacks totaled nearly 18 million.[2]
Just like a human virus can lie undetected, malware can be in your computer system long before you realize it. By the time you see symptoms, it’s too late. Cyber criminals are continually developing sophisticated methods for infecting computers and servers without you catching on. Let’s look at the two primary ways malware gets into your system and how to prevent these attacks from infecting your practice.
Hacking
If you’re old enough to remember the 1983 movie, War Games, then you might imagine hackers as unsuspecting teenage whiz kids finding ‘backdoors’ into computer systems, sparking an unintended world war. Unfortunately, hackers today are sophisticated and keenly aware that they are in a booming, billion-dollar business.
Hackers secretly tap into your data by exploiting weaknesses in your IT security. Outdated, unmaintained systems often make smaller, older practices particularly easy targets. For example, if your practice is still running on Windows XP or an older version of Windows, you are at greater risk of attack. Microsoft no longer provides security updates for those older versions, making them susceptible to hacking.
Do you occasionally check emails from the coffee shop on Friday using your work laptop? If the Wi-Fi network doesn’t require a password, it’s an open door to all the files on your computer. Look for the padlock icon in the web browser address bar to see if you are connected to a secure network. You’re better off treating public Wi-Fi security with a healthy dose of skepticism. Avoid entering your practice login, passwords etc. while on an unsecure public Wi-Fi network.
Working with a proactive team of IT experts, known as Managed IT Services Providers or MSP, is an important layer of defense against attacks. These folks can save you money, time and headaches over the long run. They detect threats early to eliminate or reduce damage well before it gets out of hand.
Phishing
Email is often a particular vulnerability. Phishing occurs when a criminal tricks people into thinking an email comes from a trustworthy source, then convinces them to click a corrupt link or provide sensitive information directly (like a credit card number or password).
Use only a fully HIPAA-compliant, cloud-based email system that protects your information whether it’s sitting in your inbox or sending to another doctor’s inbox. There are big differences between an encryption-only email for general security and a truly HIPAA-compliant, protected email that fulfills every HIPAA security requirement. These requirements range from verifying recipient identity to making sure no email is altered.
For your Gmail, Hotmail, Yahoo, or other non-secure email accounts, awareness is key for doctors and staff. The most common phishing ploy is known as ‘deceptive phishing’. You might receive an email that comes from a company or person with whom you are familiar. The fraudulent sender will often use a sense of urgency to get you to click on an attachment or link, or to call a number. They are looking to steal personal data, login credentials or otherwise access the business server. If the sender is unknown, claims to be your IT person, or someone in your office, yet asks you to click an unusual link or take a secure action, verify the email first with the actual person on your team.
Attackers are preying on a lack of awareness on the part of you or a staff member. No one is immune, but we can be one step ahead. Educate your whole team to recognize suspicious messages, links and other weak spots, to avoid falling victim. Ongoing security awareness training for everyone in your practice will help keep you all on top of the latest scams and vulnerabilities within your systems.
Take Steps
Act now by working with a qualified dental IT services provider to assess, boost and maintain your IT immune system. They can work directly with your team to understand what to look for and how to prevent these types of criminals from getting in the door. Healing from an attack is much more difficult and costly than preventing it in the first place.
___________
iCoreConnect, a VDA Services Endorsed Partner, specializes in comprehensive cloud-based software and technology services for dentists. VDA Services endorses these products from iCoreConnect: iCoreRx e-Prescribing software and iCoreExchange HIPAA-compliant email. VDA members receive substantial discounts on both products. Book a demo at land.icoreconnect.com/VA04 and 888.810.7706.