Pat Little, D.D.S., president of Dental Risk Concepts LLC, encouraged attendees of his continuing education session at the Chicago Midwinter Meeting on Friday, Feb. 25, to be proactive about their practice’s data security. “I have seen many dental practices hit with fines in the $50,000-$100,000 range for a breach,” he said. Those breaches can also result in censure from state dental boards.
That old saying about an ounce of prevention being worth a pound of cure has rarely been more true than when it comes to cybersecurity in the dental practice. That’s because the stakes of protecting your practice from computer hacks and other crimes have never been higher, says Pat Little, D.D.S., president of Dental Risk Concepts LLC, in Chattanooga, Tenn.
Little told attendees at his Chicago Dental Society 2017 Midwinter Meeting session that a cyber breach may lead to state dental board involvement if patients file complaints. And of course a breach has HIPAA implications, too, in the form of stiff fines: “I have seen many dental practices hit with fines in the $50,000-$100,000 range for a breach,” he said.
Direct fines aren’t the only potential financial hit, either: Nearly half of dental patients say they would switch providers in the event of a breach, Little said.
Little, who also holds the Certified Fraud Examiner credential, noted that dental offices are vulnerable to several types of cyber crime:
· Hacking — Gaining direct, unauthorized access to another’s computer and/or data.
· Phishing — Posing as a trustworthy source online to fraudulently acquire information.
· Scareware — Specific type of malware that uses frightening messages to trick victims into purchasing useless and/or dangerous software.
· Ransomware — Similar to scareware but uses encryption to hijack another’s computer until a ransom is paid.
Little discussed five key ways to prevent cyber criminals from wreaking havoc in your practice.
1. Think Like a Criminal.
To defeat a criminal, it pays to think like one, Little said. “Criminals hold a different worldview than the rest of society: They’re self-centered, narcissistic and entitled,” he explained. “They see opportunities for crime where others don’t and enjoy the challenge.”
2. Hire IT Professionals.
Go with the experts, Little advises. “I always recommend that dental practices work with a good IT company,” he said. “If you get hacked, the DIY approach can get you into hot water because of the issues of HIPAA compliance.”
Little has found that many practices balk due to financial reasons. “You may not enjoy paying that retainer fee every month, but all it takes is one incident to make you realize the pro’s value,” he said.
3. Keep Your Software Up to Date.
This is especially important for your workhorse programs, typically Microsoft Office products and your practice management software. “Remember, you’re more open to attacks with older software,” he said. “The updates are often done in response to other users being hacked.”
4. Don’t Take Security Shortcuts.
It can be tempting to have one or more employees take the lead in managing your computers, but don’t. “The dentist should be the only administrator, and everyone else should be a standard user,” Little said, adding that the dentist should log on as a standard user, too, except when performing administrative tasks.
No one else should be able to download or delete software. “I learned this one from personal experience,” Little said. “One of my dental team members loved kittens. She downloaded a kitten calendar that happened to contain a virus.”
You should also activate email and text alerts so you’re notified if any business accounts are accessed or modified.
You and all your employees should disable Wi-Fi and Bluetooth unless they’re needed. That includes avoiding unsecured computer networks whenever possible. “You could be logged on at Starbucks or at the airport and some hacker nearby can gain access to your network without you even knowing it,” Little said.
5. Secure Your Cell Phone.
“Our phones are so much part of our lives now, it’s easy to forget that they are computers and are also vulnerable to cybercrime,” Little said.
Put a password on your phone — six digits are better than four — and consider encryption apps that use a master password and change other account passwords automatically at preset intervals. Make sure any apps you’re downloading come from a trusted source and are not lookalike apps created by criminals.
Finally, consider how you and your staff use patients’ protected health information on your cell phones. “Many practices text patient information. You need a secure way to text in order to be HIPAA compliant,” noted Little. “Most offices put way too much info on their phones.”