“Watch-your-back!” That serves as a warning these days especially related to cybersecurity and ransomware threats to your dental practice database.
The ADA (American Dental Association) sounded the “watch-your-back” alarm recently. Two specific vulnerabilities could put your sensitive dental practice information at risk.
”The Cybersecurity and Infrastructure Security Agency is encouraging private businesses that use Microsoft Windows Server in a domain controller role to apply a security update released in August (2020). The update addresses a vulnerability that could allow an unauthenticated attacker to obtain domain administrator access, according to an agency alert.
Dental practices that have a Windows Server domain controller in their office environment should work with their technical support resources to make sure this vulnerability is addressed as soon as possible.”
”…a domain controller is a server that responds to security authentication requests, such as a request to log on to the server. The vulnerability affects the mechanism for authenticating user accounts, according to Microsoft.”
A second ADA caution includes a substantial settlement related to a data breach and HIPAA violations.
”The U.S. Department of Health and Human Services announced Sept. 25 that Premera Blue Cross has agreed to pay $6.85 million to the Office for Civil Rights at HHS to settle potential violations of the Health Insurance Portability and Accountability Act Privacy and Security Rules.”
The OCR (Office for Civil Rights) issued this alert:
“If large health insurance entities don’t invest the time and effort to identify their security vulnerabilities, be they technical or human, hackers surely will,” said OCR Director Roger Severino, in a news release. “This case vividly demonstrates the damage that results when hackers are allowed to roam undetected in a computer system for nearly nine months.”
Know your vulnerabilities
A routine network assessment could be the most important safeguard you implement. Protecting your dental practice from catastrophic data loss or a data breach must be more than a casual after-thought.
Thinking you’re immune as in, “…it won’t happen to me…” is no longer acceptable. Not in this era!
Network breaches are typically the work of outside hackers who prey on weak spots in your system. A regular network assessment could reveal some common vulnerabilities.
Unrecognized or inactive network users
Your network is safest when it’s accessed by those with designated, current access credentials. A scan might reveal outdated user names such as those who are no longer employed at your practice.
Computers with “keys-to-the-front-door”
For example, you upgrade your office computers and donate the old ones to staff members or charities for personal use. Security issues can arise if you fail to remove those individual units from your domain (server) and they still have access to your network.
This is an obvious point of concern. And it’s especially concerning if you don’t have a backup routine or a disaster recovery strategy in place.
”Free-range” user access
Administrator access to your system should be viewed as a privilege. Full access granted to all or most employees is risky… even if one has access and doesn’t realize it. Truth is - someone will (realize it)…and could exploit it.
Simple or easily recalled passwords are an exploitable weak spot for your system. Password complexity (e.g. eight or more characters including capitals and numbers) and changing them routinely can help keep your network “locked-down.”
There are certainly more vulnerabilities lurking around your dental practice data and network systems. The key is awareness and doing a routine assessment of your network to pinpoint weaknesses.
How to implement a cybersecurity and ransomware safe-guard to secure your data and stay compliant
Again, database vulnerabilities or lacking compliance isn’t intentional for the most part. It’s basically a lack of understanding about threat levels and how to meet data protection requirements.
“Expenditures to protect data are another form of insurance; they prevent disaster like fire insurance does,” - Dr. John Flucke
With that in mind, let’s follow the “insurance” analogy for compliance and data security.
HIPAA compliance “insurance”
- Create, implement, and monitor written policies, procedures, and conduct standards” for your patients’ protected health information (PHI)
- Designate a compliance point-person in-house to oversee your data management procedures
- Train and educate yourself and your team on compliance related issues
- Communicate consistently in team meetings and otherwise about compliance matters
- Audit and routinely monitor your data management protocols
- Provide guidelines and disciplinary actionsfor onsite compliance violations
- Immediately repair vulnerabilities
General data security “insurance”
- Double your providers. A single managed service provider could experience a breach. Having another in-play will help you maintain data access if one is hacked or compromised.
- Double your back-ups. Do a cloud back-up…and a physical back-up to a portable hard-drive. While a cloud back-up is fundamental, having a hard-drive in your possession can keep you in-business should something happen to the cloud data.
- Double your protection. Secure your hardware with a robust firewall and keep your data protected with up-to-date anti-virus software.
These safeguards combined with related staff training and communication can put an extra barrier of protection between your dental practice data and malicious security threats.
Cloud based systems provide a level of confidence when you’re concerned about cybersecurity and compliance for your dental practice
A general cybersecurity overview and how a cloud-based practice management platform can increase your protection is available in this resource:
Be confident that your sensitive dental practice and patient data is safe and secure…
Most HIPAA breaches occur when physical media ends up in the wrong hands. Could be a hard drive, a thumb drive, or an entire workstation - including the installed practice management software.
Denticon provides enhanced security for your patient and practice data.
- Remotely stored on servers at AT&T and Amazon Web Services
- Layers of intrusion detection and innovative security protocols
- Continuous back-ups with full redundancy and disaster recovery planning
Contact us for more information about how Denticon can streamline your systems and operational tasks and provide confidence for recovery from a data security threat.