02/15/2018

Protecting your practice from cyber threats


What do Anthem, Yahoo, LinkedIn and JP Morgan Chase have in common? If you guessed that they were all victims of some of the world’s largest data breaches, you’d be correct. From insurance carriers to retailers, financial institutions to the U.S. military, all organizations that have an online presence are subject to cyber-related risks and the reputational damage and loss of consumer trust that follow.

Unfortunately, not all businesses can recoup what they lose from cyberattacks. Major corporations can usually recover any losses as they have the financing, in-house skills and manpower to address the problem and recover lost data. But small businesses aren’t always as equipped to respond.

The health care industry is especially vulnerable to cyberattacks as hackers know they can access both patients’ protected health information (PHI) and financial records. Even if your practice does not own a website or make financial transactions online, you can still be at risk simply by using the internet and working in a digitally connected office.

The most common cyberthreats businesses currently face are data breaches, malware and ransomware.

Ransomware cases are increasing and are estimated to have caused $5 billion in damages in 2017 alone, according to industry researcher Cybersecurity Ventures. A ransomware scenario occurs when hackers infiltrate a system and block access and then demand a ransom be paid in order to lift the restriction. Hackers will generally ask for the ransom to be paid via Bitcoin or other untraceable digital currency, making funds unrecoverable once distributed.

In a case reported to The Dentists Insurance Company’s Risk Management Advice Line, a practice’s software was encrypted by ransomware. Although the dentist paid the ransom demand, he did not receive the encryption key to regain access. Even an outside computer repair technician could not help recover the data still on the practice’s server. Ultimately the dentist had to escalate the matter to the police and sustained a significant recovery expense.

Even if the hackers did reestablish access once the ransom was paid, there was no guarantee that the recovered data would be “clean” or intact. Once a system is compromised, there is no assurance that it won’t get hacked again.

Another threat to business owners is malware, short for “malicious software,” which can infect computers through intrusive emails, web links and pop-up alerts. The malicious software can be downloaded without one’s knowledge and capture private information.

A dentist called the TDIC Risk Management Advice Line after discovering her email account was hacked. An email containing an encrypted PDF file was sent to 122 of her patients. The email instructed the recipient to download a program to access the PDF. The dentist was concerned that her patients would not realize it was a fraudulent email and would download the program and inadvertently infect their own personal computers. She was advised to notify her patients of the fraudulent email and establish a new email account as soon as possible to minimize any damages.

While cybercriminals are becoming more aggressive and infecting more computer systems, simple human error and misplaced trust are still leading factors in many data breaches. Thankfully, there are steps you can take to help protect yourself and your practice from cyberrisks.

Strengthen passwords
Make sure each employee has a unique password that contains a combination of lowercase and uppercase letters, numbers and special characters to deter potential hackers from gaining access.

Back up your data
You can back up your files and data on a network-attached storage device, portable hard drive, USB flash drive or online through sites like Google Drive, Dropbox and Mozy. It’s a good idea to back up files daily, which will make recovering data easier in the case of cyberattacks or computer system damage.

Use safety features
Install antivirus and antimalware software on all of your devices and apply updates as soon as they become available. Use an encrypted virtual private network (VPN) when connecting to an unfamiliar Wi-Fi network to ensure a secure connection. These measures will help prevent your data from being compromised.

Initiate cybersafety protocols
Educate your staff on the latest cyberthreats and include your practice’s cybersecurity policies and training protocols in your employee manual. Employ a multi-user system for the release of sensitive information. For example, make it a policy that two employees must sign off before providing anyone with secure information, such as passwords or file access, to prevent falling victim to a cyberscam and jeopardizing your computer system.

Preventing cyberattacks is the first step in protecting your practice. The second is to be prepared. TDIC offers comprehensive Cyber Suite Liability protection to help you respond to a full range of cyberincidents and cyber-related litigation. To learn more, visit tdicinsurance.com/cyber.

TDIC’s Risk Management Advice Line at 800.733.0633 is staffed with trained analysts who can provide guidance on cybersecurity and other questions related to a dental practice.

Reprinted from the February CDA Journal.


