CDA and The Dentists Insurance Company would like to notify our members and policyholders that cybersecurity experts are warning the private sector of an uptick in cyberattacks as the U.S. and other countries impose sanctions and other penalties on Russia in response to its invasion of Ukraine.
The federal Cybersecurity & Infrastructure Security Agency and the FBI have issued a series of alerts recently warning of an increase in ransomware attacks, including through malicious software that can compromise practice systems and prevent access to schedules, billing or patient records.
Dental practices and other health care entities are always at risk, but practices should be on heightened alert now for these threats and consider taking the following steps to help prevent them:
Oftentimes, cyberattacks are the result of successful phishing attempts. Phishing is an attempt to steal personal information or break into online accounts using deceptive emails, messages, ads or sites that look similar to sites you already use.
Email is the most common attack vector, so staff should be trained on how to identify potential phishing attempts. Some common indicators are (1) emails that ask for sensitive information, such as W-2s, Social Security numbers and passwords, (2) emails that don’t address the recipient by name or (3) emails that have multiple spelling and grammatical errors.
Always hover over the sender’s name to confirm the domain, and never open attachments or click links in suspicious emails. If the email appears to be from someone else in the practice who is asking for sensitive information, always verify in person that the email is legitimate or from a known phone number (not a number in the email).
Find additional guidance on protecting practice systems in a recent article by The Dentists Insurance Company. TDIC policyholders can access the comprehensive Cyber Liability Guide and Cyber Event Checklist referenced in the article.
Also find guidance on HIPAA and state privacy laws in CDA Practice Support’s summary of the HIPAA security rule and in an article about cybersecurity in health care published last week by the U.S. Department of Health and Human Services.