By any definition, 2020 has not been a good year for most of us. Coronavirus disease 2019, lockdowns, social unrest…the list goes on. As a dental information technology (IT) provider, I realize it has been a very scary year for dental practices when it comes to the protection and security of patient data. From criminals trying to separate you from your money to complying with governmental regulations, it’s been a challenging year for dental practitioners. Here are the 5 biggest threats to dental offices and the steps you should take to minimize those risks.
- No Ransomware Protection
I believe this was the biggest technological threat to dental offices in 2020 and will be for years to come. A ransomware virus is a computer virus that can lock and block access to files. The only way to recover these files is by paying a fee, or ransom, to the individuals who locked the files. Of course, that’s assuming you can get the unlock key. There have been many reports of offices that paid the ransom but were still unable to regain access to their files. A ransomware attack is considered a Health Insurance Portability and Accountability Act (HIPAA) violation, and practices are required to declare a breach to patients and the federal government.
A firewall, antivirus software, and anti-ransomware software are tried-and-true methods of protecting your practice from ransomware. Newer approaches include application whitelisting, which allows you to prevent any unapproved programs from running and can be very effective.
- Inadequate Firewalls
We can spend hours discussing how to deal with ransomware if it hits your network, but the better approach is to prevent malware from reaching it in the first place. This is where a firewall comes into play. A firewall is a network security device that monitors incoming and outgoing network traffic. It permits or blocks data packets based on a set of security rules. As with many things in life, you tend to get what you pay for. Yes, your cable modem or inexpensive router has a firewall built into it, but in many cases, it’s not sufficient. I suggest investing in a business-class firewall such as those from SonicWall or Sophos. These are more costly, usually $500 to $700, but the peace of mind you get is priceless.
- Improper Backup and Disaster Recovery Protocols
Your data protection and security are only as good as the backup plan you have in place. Many offices have poor systems in place—they do infrequent backups, often to unencrypted hard drives that are rarely removed from the office, and they can’t remember the last time they checked the backup or did a test restore. Each one of those flaws is a HIPAA violation. A proper system includes a full copy of the server that can be booted up quickly, in case the main server goes down, and a copy of the data off-site. The system should be tested a few times a year.
- HIPAA Violations
Understanding HIPAA rules is critical because it permeates through almost all of a dental office’s IT systems. Even for first-time offenses, the typical fine is $25,000 to $50,000 and can be much higher if the practice is found to be willfully negligent.
Start with a formal risk assessment, which is required by HIPAA law. Once risks are thoroughly evaluated, it’s much easier to address those deficiencies. It’s also important to understand that while addressing HIPAA, you’ll be simultaneously addressing many cybersecurity best practices.
- No Cyber Liability Insurance
Although many dental practices have multiple layers of insurance to cover their building and employees, most have not invested in breach or cyber liability insurance. It’s impossible to prevent all viruses or attacks against the practice. But are you protected for when that day comes? The fines and penalties you may face from a breach are likely a small part of the overall costs when considering legal fees, loss of business, etc. Some form of cyber liability insurance is critical. Beware, however—because so many practices were hit with ransomware in the past year, the cost of these policies has skyrocketed.
While 2020 has been a bad year for many dental offices, practices should invest in securing patient data to ensure a safe and protected 2021.