Dental practices across the U.S. have become a favorite target for hackers, and ransomware has become the biggest threat. The consequences of any type of cyberattack—from phishing
to denial of service—can be practice-ending, but many providers don’t even know whether their systems meet the minimum HIPAA security requirements. Understand the main types of cyberattacks, the five most common vulnerabilities, and how taking a managed service approach can shore up your security and protect your patients and practice.
So Many Types of Cyberattacks—and Growing
Ransomware locks up your access to patient data unless you pay
Spyware installs software on your computer without your permission to capture and sell patient and practice data
Phishing accesses your network by luring your employees to click on links in emails that look legitimate
Trojan horse plants malicious software on your network when employees click on a link
Denial-of-Service attack bombards your network with traffic until your system crashes
Top Mistake 1. Weak anti-ransomware software
Ransomware shuts dental offices down. No patients, no revenue. How long could your practice make payroll in that situation? If your anti-ransomware software isn’t business grade, it’s time to upgrade. HIPAA requires it. Make sure the software is running on all workstations at all times. Effective anti-ransomware detects threats before they become attacks. It works like a security system for your home, buying you— and your IT resources—time to intervene.
“Small and mid-sized businesses like dental practices are often targets of cyberattacks because they are less likely to have full protections in place and devoted information technology personnel to prevent such attacks.”
Top Mistake 2. Insufficient back-up
Make sure your critical production servers are backed up locally and to the cloud. This virtually eliminates the risk of losing critical data. It’s also necessary to comply with HIPAA. The law requires that back-ups be maintained, all back-ups are encrypted for security, and a disaster recovery plan is in place.
1. When was your data last backed up?
2. If you had to switch over to your back up right now, would all your data be there?
If patient data is lost, it can take weeks and months to re-create it, slowing your practice to a crawl in the meantime. Re-building patient trust can take much longer and may never be possible.
Sufficient back-up includes ongoing verification of performance. It ensures all data is present and accounted for—and recoverable. The best solutions achieve data recovery in as little as 10 minutes, with no HIPAA fines for lost data and no overall practice downtime.
Back Up and Disaster Recovery Musts
• Local, frequent, encrypted backup
• Off-site, encrypted backup
• Ongoing verification of back-up performance
Top Mistake 3. Spotty IT support
It’s a myth that all IT service providers are the same. Look for a partner who knows dental, responds quickly, and fixes problems the first time. Many IT partners work across industries, so they may only serve a handful of dental practices each year. That’s not enough to gain the experience and skills needed to support your practice well. The last thing you want to be doing in a crisis is explaining your business and system to IT resources who have never solved your scenario before.
“Just having a firewall or anti-virus software does not cut it in the modern age, so dentists also should consider hiring a cybersecurity company to analyze the security of their own network.”
—Black Talon Security
Top Mistake 4. Unsecure firewall
HIPAA makes firewalls mandatory because they help keep external hackers from accessing your internal network and protect the information going into and out of your system. But a firewall isn’t something you can set and forget.
1. How many years ago was your firewall installed?
2. When was it last updated?
3. Is anyone monitoring its security ongoing?
If you can’t answer these questions off the top of your head, you don’t have the right resources watching your firewall. Explore managed firewall services that have real-time
surveillance and automatic security updates built in.
“The firewall can be envisioned as your missile defense system. Not only is it actively protecting outside threats and hackers from getting into the network, but it is also scanning each piece of data incoming and outgoing to prevent malicious software from running and wreaking havoc on your system.” —Reuben Kamp, Founder, Darkhorse Tech.
Top Mistake 5. Inconsistent patch management
Everyone in a dental practice should know when to accept security patches. Authentic alerts reflect software updates that have been made to neutralize new threats. The problem is that most employees don’t know which alerts are legitimate and which are suspicious, so they avoid them all.
Modern managed service providers like Darkhorse Tech take this individual guesswork out of the equation with system-wide automation. We monitor our clients’ cybersecurity continuously and patch holes immediately without your staff having to make a tech decision.
What Is a Managed Service Provider (MSP)?
An MSP is a company that remotely manages their clients’ IT infrastructure and end-user systems. Clients typically pay a relatively low subscription fee for service based on a monthly contract. They’re usually attracted to the MSP approach because it’s less expensive and less risky than trying to manage security on their own.
You Need to Protect Yourself…
Who Bears Your Cyber Liability?
If you don’t follow the federal guidelines for HIPAA compliance to protect your patients’ electronic personal health information (e-PHI), your dental practice is liable. You can face fines starting at $50,000 for each patient health record a cyberattack compromises. Look for a dental technology partner who has cyber-liability insurance to cover both fines and lost revenue in the event of a system failure. Very few partners offer this level of accountability.
Cases in Point
In the latter half of 2019, 400 dental practices fell prey to a single ransomware attack, and 100 dental practices fell prey to another. In both cases, the attacks came through technology partners who did not have cyber-liability insurance to cover their clients’ losses.
About Darkhorse Tech
Darkhorse Tech was founded in 2012 by Reuben Kamp when he saw a void in IT service for the dental field. He left his job at a national dental IT company to create a more personalized one-on-one service model.
Integrity Service Protection Reliability
Eight years later, Darkhorse Tech has grown mainly through referrals to serve nearly 600 dental practices in all 50 states. We have earned our reputation as leaders in delivering managed cybersecurity service for both start-up and established dental practices.
- Specialized in dental practice implementations.
- National footprint
- 100 new dental practice implementations a year. (20 times that of nearly independent dental IT providers)
- Cisco Meraki certified
Our zero downtime dental IT solutions span everything you need: Our service has been recognized for:
• Full HIPAA compliance • IT technicians specialized in dental implementations
• Anti-virus and anti-ransomware • Fastest response and resolution time in the industry
• Back up and disaster recovery • Highest customer satisfaction (CSAT) scores
• Cisco Meraki MX Firewall platform
• Security monitoring and patching
• Email hosting and encryption
• Secure Facebook Wi-Fi
“I’ve been in practice for over 16 years with three office locations and have used several IT companies. By far the best experience we’ve had has been with Darkhorse Tech. I can’t recommend them enough!”
– DR. BEN,
“Best in the Business. Timely responses, friendly service, fair price. Biggest benefit is the peace of mind you get knowing they have your back in terms of IT and security. It’ll cost you more not yo go with Darkhorse.”
– DR. ADAM LYSAK,
“When tech problems pop up, it is always at the worst time. Our experience with Darkhorse’s technicians has been excellent. The response time is fast, and the technicians have always been very patient and efficient.”
Where does your HIPAA compliance and cybersecurity stand?
And how does that affect the standing of your dental practice?
For a complimentary consultation, contact: https://www.darkhorsetech.com