Cyberattacks: Prevention May be the Cure from Ransomware

By Robert McDermott, President/CEO, iCoreConnect

Just as you wash your hands regularly so you don’t get sick, it’s critical to adopt good habits of “digital hygiene” to prevent cyberattacks on your practice. The “illness” threatening your practice is called malware. Malware is an umbrella term for any malicious software criminals use to steal your or your patients’ data.

Ransomware, a particularly sinister malware, burrows into your system and begins encrypting all your data so you can’t access it. Then a cybercriminal holds your data for ransom, demanding you pay a hefty sum of money for them to give you access to your own files.

Just like a human virus sometimes can be undetected, malware can be in your computer system long before you realize it. By the time you see symptoms, it’s too late. Cybercriminals are continually developing sophisticated methods for infecting computers and servers without you catching on. There are two primary ways malware gets into your system and holds your practice ransom.

HACKING

Hackers secretly tap into your data by exploiting weaknesses in your IT security. Outdated, unmaintained systems often make smaller, older practices particularly easy targets. Working with a proactive team of IT experts, known as managed IT services providers (MSP), is an important layer of defense against attacks. These folks can save you money, time and headaches over the long run. They detect threats early to eliminate or reduce damage well before it gets out of hand.

A particular vulnerability is how you are using email. Only use Gmail, Hotmail, Yahoo, etc. for personal or non-patient specific messages. For anything beyond that, set up a fully HIPAA-compliant, cloud-based email system that protects your information whether it’s sitting in your inbox or sending to another doctor’s inbox. There are big differences between an encryption-only email for general security and a truly HIPAA-compliant email fulfilling every HIPAA security requirement. These requirements range from verifying recipient identity to making sure no email is altered.

PHISHING

Phishing occurs when a criminal tricks any employee into thinking something is a trustworthy source, then convinces them to click a corrupt link or provide sensitive information directly (like a credit card number). The attacker is preying on a lack of awareness on the part of you or a staff member. You must educate your whole team to recognize suspicious messages, links and questions to avoid falling victim. If the sender is unknown or claims to be your IT person, MSP or someone in your office yet asks you to click an unusual link, verify the email first with the actual person on your team.

No one is inherently immune from cyberattacks. Take action now by working with a qualified dental IT services provider to assess, boost and maintain your IT immune system. Work directly with your staff to understand what to look for and how to prevent these types of criminals from getting in the door. Healing from an attack is much more difficult and costly than preventing it in the first place.


iCoreConnect, an FDA Crown Savings merchant, specializes in comprehensive software that speeds up workflow for dentists. The FDA endorses these products from iCoreConnect: iCoreExchange HIPAA-compliant email and iCoreDental cloud-based practice management. FDA members receive substantial discounts on both products. Book a demo at icoreconnect.com/fda or call 888.810.7706.

My Computer Has a Pop-up That Says it Has a Virus … What Do I Do Now?

By Larry Darnell, FDA Director of Information Systems

Every once in a while, you may get a pop-up on your screen claiming your computer has a virus and to remove it, you must call the number shown immediately. I have come across a number of people who will look at a pop-up like this on their computer and do one of two things:

  1. Ignore it.
  2. Do exactly as it says.

I am mystified that some may do as the pop-up says, but we have been conditioned to this type of behavior. The criminal element realizes that, so they craft malware. Malware, although technically not a virus, is software that pretends to be useful, but is in fact malicious — thus, the name. Most anti-virus programs are built to stop the bad viruses … not so much the malware.

Malware most often is installed  because we choose to do it. It may come in the form of an extra toolbar on our browser, a coupon program or some other seemingly helpful software. We open the door and let it in, and then it takes over. I have known people to blindly call someone and give them access to their computer remotely and even their credit card information based on malware (or, as we call it “scareware” or “ransomware”)! I recommend you take the computer to a professional and get their opinion. If you opt to try and fix it yourself, a couple of programs that are helpful are Malwarebytes and HitmanPro; both can help eliminate your problem.

Please do not choose to ignore it. That will only make it worse, that much I can promise you.