Is Your Practice Protected from Cybercriminal Attacks?

During the COVID-19 pandemic, cybercriminal activity increased to an all-time high. According to Fortune Magazine’s 2022 Cyber Threat Report, the healthcare industry faced a 755% increase in ransomware attacks. These cybercriminals were able to ransom millions of dollars from businesses by using tactics like phishing (an attacker sending a fraudulent message designed to trick a person into revealing sensitive information or sending malicious software to the victim’s computer/system), social engineering, and other hacker tools of the trade.

What’s at Risk in Your Practice?

1. Your patients’ protected health information. The HIPAA Breach Notification Rule requires practices to notify every patient of record that a data breach has occurred. Financial penalties for HIPAA violations can also be very costly, with penalties ranging from $100-$50,000 per violation.
2. Patient trust! It can be a long and grueling process to repair the damage to your practice’s reputation and regain your patient’s trust.
3. Names, addresses, social security numbers, and banking information that may be stored in your practice management system are enticing to cybercriminals.
4. Insurance information, including ID numbers, can be used to file fraudulent claims and obtain care.

How Can You Protect Your Practice from a Data Breach?

1. Educate your staff on what to look for in a phishing attack. Tips include:
   • Don’t open attachments from senders that you do not know.
   • Look at the email address of the sender- cyber criminals may use the name of the sender you know, but the email address will be different.
   • Look for broken language, misspellings, and poor grammar in the body of the email.
   • If they are concerned about the email’s authenticity, contact the sender through a different channel to see if they sent it.
2. Avoid reusing passwords and only use strong passwords that include numbers, letters, and symbols.
3. Enable two-factor authentication on email, social networks, and worksites.
4. Work with an IT company to have firewalls and antivirus software installed on all workstations.
5. Have backups of your data in case your data is held for ransom.

What Should You Do If You Think You May Have Had a Breach?

1. Quarantine the infected computer. Simply unplug it from the network as soon as possible. This will prevent the virus from spreading to the rest of your network.
2. Change your passwords using an unaffected computer. This includes email and social connections.
3. Contact your IT professional to treat the infected computer.

Dental practices need to recognize the continued rise of social engineering, phishing, and credential theft and take steps to defend against it. Practices need to invest in both technological solutions as well as employee education to stop costly data breaches before they happen.

About the Author

Angella Winters, MAADOM, is a busy practice manager, wife, and mother of 3 beautiful children. As a 2002 graduate of the University of Montana holding a Bachelor’s degree in Biology and Chemistry, she began her dental career in 1997 while still in high school as a chairside dental assistant. Her drive to learn led her to a practice management position at a large pediatric dental practice in 2010. In 2018, Angella left her position to open 3 Rivers Pediatric Dentistry. Angella earned her AADOM Fellowship in 2019, and in 2021, she earned her AADOM Mastership designation. She will be inducted as an AADOM Diplomate (DAADOM) in September. She is also the President of the Northwest Montana AADOM chapter.

In her free time, she stays busy shuffling her children between soccer, football, track, and wrestling. She enjoys early morning runs with her dog and spending time with her family in the outdoors, enjoying all that Montana has to offer.