Protecting Your Practice from Cyber Threats
(Reprinted from TDIC’s RM Matters)
What do Anthem, Yahoo, LinkedIn and JP Morgan Chase have in common? If you guessed that they were all victims of some of the world’s largest data breaches, you’d be correct. From insurance carriers to retailers, financial institutions to the U.S. military, all organizations that have an online presence are subject to cyber-related risks and the reputational damage and loss of consumer trust that follow.
Unfortunately, not all businesses can recoup what they lose from cyberattacks. Major corporations can usually recover any losses as they have the financing, in-house skills and manpower to address the problem and recover lost data. But small businesses aren’t always as equipped to respond.
The health care industry is especially vulnerable to cyberattacks as hackers know they can access both patients’ protected health information (PHI) and financial records. Even if your practice does not own a website or make financial transactions online, you can still be at risk simply by using the internet and working in a digitally connected office.
The most common cyberthreats businesses currently face are data breaches, malware and ransomware.
Ransomware cases are increasing and are estimated to have caused $5 billion in damages in 2017 alone, according to industry researcher Cybersecurity Ventures. A ransomware scenario occurs when hackers infiltrate a system and block access and then demand a ransom be paid in order to lift the restriction. Hackers will generally ask for the ransom to be paid via Bitcoin or other untraceable digital currency, making funds unrecoverable once distributed.
In a case reported to The Dentists Insurance Company’s Risk Management Advice Line, a practice’s software was encrypted by ransomware. Although the dentist paid the ransom demand, he did not receive the encryption key to regain access. Even an outside computer repair technician could not help recover the data still on the practice’s server. Ultimately the dentist had to escalate the matter to the police and sustained a significant recovery expense.
Even if the hackers did reestablish access once the ransom was paid, there was no guarantee that the recovered data would be “clean” or intact. Once a system is compromised, there is no assurance that it won’t get hacked again.
Another threat to business owners is malware, short for “malicious software,” which can infect computers through intrusive emails, web links and pop-up alerts. The malicious software can be downloaded without one’s knowledge and capture private information.
A dentist called the TDIC Risk Management Advice Line after discovering her email account was hacked. An email containing an encrypted PDF file was sent to 122 of her patients. The email instructed the recipient to download a program to access the PDF. The dentist was concerned that her patients would not realize it was a fraudulent email and would download the program and inadvertently infect their own personal computers. She was advised to notify her patients of the fraudulent email and establish a new email account as soon as possible to minimize any damages.
While cybercriminals are becoming more aggressive and infecting more computer systems, simple human error and misplaced trust are still leading factors in many data breaches. Thankfully, there are steps you can take to help protect yourself and your practice from cyberrisks.
14 MARCH / APRIL 2021 | PENNSYLVANIA DENTAL JOURNAL