By Larry Darnell, MBA, CAE
FDA Director of Strategic Initiatives and Technology
As dental practices become increasingly digital, the risk of cyberattacks grows in tandem with the convenience. Every email, password and patient record presents an opportunity for hackers to exploit weak spots — often through simple, avoidable mistakes.
Understanding the most common cybersecurity missteps can help protect your patients’ data, your reputation and your bottom line. Below are five of the most frequent and preventable errors that dental professionals make, which could lead to a cybersecurity event.

1. Weak or reused passwords. Having a common password that everyone in the office knows or can easily guess is problematic. Never write your passwords down on sticky notes, keep them in a file on a computer or use your browser to “save” them. Any of these methods is bound to cause problems. Instead, use a password manager that can create complex passwords and store them using encryption. Ensure you use a password manager on all your devices.
2. Clicking suspicious links or opening shady attachments can give criminals access to your entire dental practice. Always double-check email addresses and unexpected requests. Be cautious when responding quickly to emails on mobile devices because they make it challenging to verify the legitimacy of an email address. Be careful if an email creates a false sense of urgency. If need be, contact the sender separately to see if it is really them and confirm what they sent or what they need.
3. Do not use unencrypted communication tools when communicating with patients. Sharing patient details via regular SMS or personal email is a risk. Hackers can intercept these messages. Medical communication tools must be encrypted and Health Insurance Portability and Accountability Act (HIPAA)-compliant. Violations of HIPAA and abuse of Personal Health Information (PHI) can be very costly. Ensure your office staff are equipped with HIPAA-compliant communication systems and that they receive proper training on their use.
4. Using unsecured mobile devices. Dentists and office staff often check records on phones or tablets. If those devices aren’t locked or encrypted, lost or stolen devices become open doors for hackers. Make sure those devices stay updated. Have a plan in place for handling a lost or stolen mobile device to minimize the risk to your practice. Be careful about using free public Wi-Fi without a virtual private network (VPN). Also, be wary of plugging in your devices in any public setting. They can easily be compromised at hotels, airports or kiosks.
5. Inappropriate handling of patient data. Throwing away old patient charts, USB drives or printed reports without shredding or wiping them is like handing criminals the information on a silver platter. Your office copier may contain a treasure trove of PHI and simply discarding it is a significant risk to your practice and your patients’ information. Providing patient data to a public artificial intelligence (AI) tool is a new and serious risk. Be careful about the use of patient data in your practice, both personally and professionally.
By addressing these common weaknesses, you can significantly reduce your risk of a data breach and protect your patients’ privacy, while maintaining trust in your practice.
Larry Darnell, MBA, CAE, FDA Director of Strategic Initiatives and Technology, can be reached at 850.350.7102 or ldarnell@floridadental.org.
