The 3 Critical Components of Effective Cybersecurity

Feature
Article
Dental Products ReportDental Products Report October 2023
Volume 57
Issue 9

Providing your dental practice with adequate cybersecurity measures requires blocking malware from systems, addressing any malware that does get through, and preparing to recover from a data breach.

The 3 Critical Components of Effective Cybersecurity - image of lock on circuitboard background | Image Credit: kras99 / stock.adobe.com

Image Credit: kras99 / stock.adobe.com

Over the past 6 years, I have examined all the individual components of the information technology (IT) needs of dental offices. We’ve explored topics such as digital radiography, computers and networks, business analytics software, the Health Insurance Portability and Accountability Act (HIPAA), and a host of other topics. However, of all the topics I’ve written about, in my opinion, none is more critical than cybersecurity.

There is nothing more valuable to a dental practice than their patient information, and every office should make it their highest priority to protect and secure that data.

If you’ve read the recent articles I’ve written, then you know that I feel strongly that ransomware is far and away the biggest threat I’ve seen in my 35-plus years in dentistry, more than HIPAA, more than Occupational Safety and Health Administration issues, more than COVID-19. Even a cursory scan of the daily news would show the hundreds if not thousands of dental practices that have been attacked either by their own lack of adequate security or a lack of best practices from their IT company.

If you are committed to protecting your patient information, there are 3 general approaches that I recommend. You have to do everything in your power to keep the malware from reaching your network, deal with any malware that does get through, and, finally, be prepared to recover from an attack if all else fails.

An Ounce of Prevention

There are literally dozens of ways to deal with ransomware, but as the old saying goes, an ounce of prevention is worth a pound of cure. The first line of defense is making sure you have a good firewall in place. By good, I mean business-class like Sophos or SonicWall, not the consumer-level firewalls like Linksys or D-Link or Netgear. A firewall will scan all incoming and outgoing traffic and will often stop malware before it can get into your network. I also recommend what’s called patch management, which is required by HIPAA. Because all software has security holes in it, you must, by law, keep those software programs up-to-date with the latest security patches. Any good managed service IT provider can assist you with this.

Deal With the Malware That Gets Through

There are many viruses that we call zero-day, meaning they attack vulnerabilities that aren’t even known to exist. In those cases, a firewall and patched software won’t necessarily help. In those cases, you have to have systems in place to deal with the viruses. In the past, a good general-purpose antivirus application was adequate; that’s not really true anymore. However, there’s an even newer and more exciting approach called application whitelisting and ring-fencing, where only those programs that you preapprove are allowed to run and unapproved programs (like viruses) are stopped in their tracks. I’ve been installing application whitelisting for my clients for 2½ years and have not seen a single virus hit any of those systems with that protection in place.

Recover From an Attack

If you have followed the first 2 steps above, the chances of being hit with a virus are very, very low—but low doesn’t mean impossible, so you should be prepared. Having a solid and tested backup and disaster recovery system is critical. However, we’ve seen more and more attacks called double and triple extortion. Double extortion is when they download a copy of your data and threaten to put it online and triple extortion is when they are able to access the patient files and threaten to contact your patients directly.

For these reasons, I highly recommend a minimum of $250,000 of cyberliability/breach insurance. Between legal costs and HIPAA fines and penalties, you’re going to need it if you ever suffer a breach.

In the modern era, there is no longer a single approach to protecting and securing your data. You must have a layered or stacked approach to doing everything you can to make sure the bad actors out there don’t put your entire livelihood at risk.

Recent Videos
GNYDM24 Product Focus: Josh Gosnell, Vice President, Business Development at Adit, explains how cloud-based analytics and patient communication software can enable practices to run more efficiently.
GNYDM24 Product Focus: Michele Gabriel of DDSmatch stops by the DPR booth at the Javits Center in New York.
GNYDM24 Product Focus: Debra Engelhardt-Nash talks about how Weave's systems can help with increasing patient acceptance and with practices getting paid.
At DS World 24, Max Milz, Dentsply Sirona VP, Connected Technology Solutions, talks about the company's new Primescan 2 intraoral scanning solution and how it fits in with a variety of digital dentistry workflows.
At Dentsply Sirona World 2024, Henry Schein's Matt Kunzler talks about the brand new innovations from Dentsply Sirona, including Primescan 2, a first of its kind cloud native scanner, as well as Henry Schein's flex financing solutions.
The Uptime Health Story: An Interview with Uptime Health CEO and Co-Founder Jinesh Patel
Mastermind Episode 33 – Charting the Course for the Future of Dentistry
2024 Chicago Dental Society Midwinter Meeting – Interview with Peter Maroon, business development and sales lead at Spectrum Solutions® on the new salivary diagnostic test, SimplyPERIO.
Related Content
© 2024 MJH Life Sciences

All rights reserved.