Welcome to Our Cyber Awareness Month Blog Series Part 4!
Throughout October, we’re bringing you a five-part series dedicated to helping dental offices protect themselves from the growing threat of cyberattacks. From understanding the risks to implementing cybersecurity best practices and exploring the vital role of cyber insurance, each blog is designed to provide actionable insights tailored to dental practices. Cybersecurity is essential for safeguarding your practice, your patients and your reputation.
Real-Life Cyberattacks in Healthcare: Lessons for Dental Offices
To truly understand the importance of cyber insurance, let’s look at some real-world examples of how cyberattacks have affected healthcare providers, including dental practices and how insurance played a crucial role in recovery.
Case Study 1: Ransomware Attack on a Dental Practice
A small dental office in Orlando, Florida, was hit with a ransomware attack, locking them out of their patient files. The attackers demanded a $500K ransom in exchange for the encryption key. Fortunately, the office had cyber insurance, which covered the ransom payment down to $250K and helped with the costs of restoring their system, forensic investigation and notification to patients. Without cyber insurance, the practice would have paid more than $650K.
Case Study 2: Phone Scamming
An oral surgery office received a call from a “patient” claiming they couldn’t access the new patient files and asked if the front office could email them over. Shortly after, the “patient” called again to confirm whether the office had received the email and requested that they open the attachment to verify. Once the email attachment was opened, the hackers gained access to the system. A week later, the hackers demanded $100,000 in ransom to release the patient records. The total cost of the incident, including fees and the ransom, amounted to $200,000.
Case Study 3: Funds Transfer Fraud
A multi-location dental practice used the same lab for all its offices. The accounting manager received an invoice via email from the lab that looked identical to previous invoices. In the body of the email, it stated that the lab had switched to a new billing system and asked for payment of the attached invoice. The accountant cross-checked the invoice with the practice’s Electronic Health Record system, and the amount matched what was owed, so she processed the payment.
A few weeks later, the accountant received a past-due notice from the lab. She called the lab to inform them that the invoice had already been paid. However, the lab confirmed they had not received the payment. Upon reviewing the original email, the accountant realized the email address was slightly altered — an uppercase “I” had been used in place of a lowercase “L.” As a result, the practice still owed the lab, and they were out more than $300,000.
Lessons for Dental Offices
- Preparation is Key: Even small practices can fall victim to large-scale cyberattacks.
- Cyber Insurance Can Save Your Practice: While preventive measures are essential, cyber insurance is your best safety net in the event of a breach.
Our next post will review what to do if a cyberattack happens at your practice.
To learn more about cyber liability insurance to help protect your practice call or text Florida Dental Association (FDA) Services Inc. at 850.681.2996 or visit FDA Services, Inc. (coalitioninc.com) for an instant quote.
Beyond the Bite 