How To Protect Your Dental Practice From Cybercrime
Cybercriminals don’t care about you, your employees, or the fact that you are just trying to service patients and make an honest living owning and managing a dental practice. They’re just looking to steal your money. In doing so, more and more bad actors are choosing to deploy one of the most despicable tools possible to meet their goal – Ransomware – and the impact is being felt far and wide.
When a bad actor convinces you or one of your employees to click on a bad link, they are ultimately successful in gaining access to your computer, your practice’s network, and your livelihood. Then, they proceed to lock you out and demand a hefty ransom in return for a key or passcode to gain access to it again. This is truly a sinister plot because even though they might grant you entry into your practice’s database once again, chances are good that they will lock you out again at some point in the future and demand an even greater payment.
Ransomware has helped cybercriminals take down countless small businesses. In fact, small- to mid-sized organizations are most at risk because they are unlikely to have the financial support necessary to recover from a cyberattack.
That being said, when it comes to dental practices and other organizations in the healthcare space, the impact of a Ransomware attack may actually be worse. Because of your responsibilities under HIPAA, you are at an even greater risk of not being able to recover from an attack because of the added penalties and fines associated with the breach of confidential records.
So, what can you do to protect your practice, your data, and yourself?
Listen to episode 169, “The Cybersecurity Battle Plan For Businesses,” on unsuitable on Rea Radio, Rea & Associates’ award-winning weekly podcast.
4 Tips To Help Prevent A Ransomware Attack
To protect your business against Ransomware and other similar threats, I recommend following these best practices:
1. Train Staff To Identify Phishing Emails
Numerous vendors can provide your dental practice with phishing tests and video training to help educate your office’s staff about phishing emails and ways to identify possible scams. Bad actors are always looking for ways to trick you and your staff to click on something you should be clicking on. You must always be vigilant. The goal is to change the mindset of those within your practice when it comes to opening attachments and clicking on hyperlinks.
2. Monitor Microsoft Active Directory Administrative rights.
It’s unlikely that all your employees will need full access to your practice’s entire database to do their jobs effectively. One way to protect your data is to only grant access to the databases each employee needs to do perform their job duties.
3. Implement Endpoint Protection
Endpoint security or endpoint protection is a standard approach to the protection of computers that are part of a network. The connection of laptops, tablets, mobile phones, Internet-of-things devices, and other wireless devices to corporate networks creates attack paths for security threats. Endpoint Protection works by recognizing threats and preventing them from exploiting the machine they are found on while hindering the ability for the threat to migrate to other endpoints.
4. Implement Lifecycle Management For Old Computers\Software
Lifecycle management refers to the administration of selecting, purchasing, using, and ultimately removing assets from the network. This includes hardware (laptops, servers, desktops) as well as software (patching, updating, and migrating). When an asset becomes “End of Life,” or “sunset,” the developer will cease to create updates and patches for that particular piece of software. At times, software providers will only continue to support their product on specific hardware. The actions of stopping support for software and/or software can significantly increase the likelihood of suffering a cybersecurity incident.
Don’t Let A Cyberattack Ruin Your Dental Practice
Cybercrime is not going away. Cybercriminals have already triggered public relations nightmares for large businesses and have entirely destroyed the livelihood of small business owners. Don’t let your dental practice become easy prey. In addition to utilizing the best practices outlined above, call Rea’s cybersecurity and data protection services team. As a leader on the team, I work closely with dental professionals and have worked to understand the unique challenges dentists face in this area. Give me a call today to set up a free consultation to determine where your practice is most vulnerable.
By Paul Hugenberg, III (Wooster CPA Firm)