Learn more about the Florida Dental Association. 

Beyond the Bite

The Official Blog of the Florida Dental Association

Cybersecurity: When You Are Your Own Worst Enemy.

Florida Dental Association's avatar by Leave a comment

Cybersecurity: When You Are Your Own Worst Enemy.

For the last several years I have been regularly hammering you on ransomware threats, phishing attacks, and weak or comprised passwords for vital systems. These cybersecurity threats remain as threatening as ever. However, today I want to bring your attention to other cybersecurity risks that don’t feel so nefarious.

First, is the phony patient scam. After the pandemic, many people are returning to dental visits, so some practitioners are seeing an influx of new patients. That’s good right? Yes, if they are real. The additional ways that new patients can contact you and your dental offices add to the potential risk. A simple example is a new patient wants to send your office their medical records…x-rays or treatment records. Innocent enough unless that’s not what’s happening. Hidden inside of those “records” is malware designed to infiltrate your device, computer, or your network giving a bad actor access to privileged and private health information. This can be facilitated via email, a text message, or even a phone call. This type is referred to as a social engineered attack. They have usurped a common business practice and have used it to compromise your systems. The best cybersecurity defenses can be beaten by trusting employees who think they are just doing their job.

What do you do to combat this kind of attack? Quite simply, you must limit the attack vectors. Don’t make it a common practice to receive files from unknown people. Don’t click links from them either. Just because this feels like a legitimate interaction, always question and ask what is the worse thing that can happen if I do this?

Secondly, we have seen how this next one can impact dental practices. Dental practices often rely on third-party software for scheduling, billing, and patient management. If these vendors have weak security measures, they could become entry points for cyberattacks. Know who your third-party vendors are. Ask questions about the way they interact with your systems. If your data is compromised by a third-party breach, you are likely equally responsible. (I am sure it’s in the fine print of that contract you never read but signed and agreed to anyway.) Consider every major third-party system you use and ask yourself, if this went down or was compromised, how would my practice keep running? As I said, many of you likely dealt with this one but it’s faded off the radar and you are thinking it will never happen again, right?

Lastly, the greatest cyber threat may already be in your own dental office. Unauthorized access by employees or improper handling of patient data can lead to data breaches. Insider threats could be accidental (negligence or mistakes) or intentional (data theft or sabotage). Answer this question for me. Who is the weakest link at your dental office? No one wants to think about that until it is too late. So much of combatting cybersecurity threats is identifying and dealing with potential problems before they are actual problems. Proactive versus reactive. Invest in some staff training for all those in your office. It might mean doing more than what’s legally required to ensure your practice is safe. Most of the events associated with this involved a seemingly innocent choice made

by someone to visit this website, or click that link, never realizing the cascading effects of that one bad decision.

I will provide you with a real-life analogy. If you have children or grandchildren, at some point these days, you purchase electrical socket covers to protect those kids from accidental or intentional shock. I don’t remember having those when I grew up. I wonder how many kids had to be shocked before someone decided to invent a way to protect kids. Do you know it is still possible for a persistent child to remove the cover and still get shocked today? 7 children in the United States per day do that and end up in the ER. Imagine how many more that would happen to if proactive precautions were not put in place? Take some precautions, provide some training, be proactive with your dental team and save yourself from a greater shock.

Most of us really don’t want to admit that the greatest threat to our cybersecurity might be the person looking back at us in the mirror. You might be your own worst enemy. You still have time to fix that unless you say, “One day” or “It can’t happen to me…”. Do something today to identify the potential problems before they become actual problems and it’s too late.

Leave a comment