There are a dozen different ways your dental practice might encounter a data breach. It’s not necessarily caused by an ominous hooded figure in a basement, cracking through firewalls finding credit card numbers to buy more bitcoin. Data breaches can start anywhere — from an untrained employee to an old computer.
The first step to understanding what your office needs to protect itself is knowing what’s at stake. Contrary to what you might think, hackers are not particularly interested in your patient’s credit card information. In fact, patient healthcare information is worth 10 times more than credit card numbers on the black market. Typically when healthcare information is misused it’s harder (and takes longer) to track down.
Healthcare information is so valuable because it includes names, birthdates, addresses, policy numbers, and other private pieces of information. This can be used to create fake identification, file false claims, order medical supplies, and more. The black market industry this creates is extensive — costing the healthcare industry $6.2 billion according to the Ponemon Institute, which produces research and reports regarding cybersecurity.
Know your risk points
As we mentioned before, cyber-attacks are not necessarily nefarious plots that you would notice the same way you would a physical break-in or charges being added to your credit card. Knowing the vulnerable points of access for a hacker can help you stay ahead and build multiple layers of defense for your dental practice.
Here are just a few of the ways your practice’s information could be hacked:
- Paper. Yes, you read that correctly. Printed information is easy to steal from recycling bins or just walking through an office. It doesn’t take much for someone to snap a picture of the password you have written down near your computer or the insurance claim sitting in plain sight. Cross-cutting paper shredders are HIPAA compliant and a standard safety measure for every office.
- WiFi. Make sure you have a secure wireless network that is password protected and that there is limited WiFi on computers that contain patient information. Without a secure network, someone could theoretically sit outside your office and access your data.
- Poor employee training. Every member of your office should go through, at the very least, simple security training. There are hundreds of online courses. Teach them how to manually check for phishing emails and other warning signs of an impending cyber attack.
- Weak passwords. Change them every 90 days... but not to password123.
- Exposed data. This basically means any kind of patient data that isn’t protected using some kind of encryption shield. Encryption programs are fairly cheap and should be used anytime you are saving or sending patient information.
Make a security plan
We will discuss elements of this in later blogs, but the primary goal of making a layered security plan is to create fail-safes for your office in the event of a data breach.
Also according to the Ponemon Institute study, “two-thirds of all respondents [medical offices] don’t offer any protection services for breach victims, nor do the majority have a process in place for correcting errors in victims’ medical records.” Having a security plan in place not only can help prevent breaches, but it can inform how you triage victims after a breach helping you retain patients.
- Start by having a strong firewall system on all of your office computers. This will automatically monitor for trojan horse malware coming in from the outside.
- Have an antivirus set up to scan through any threats that make it past the firewall. Antivirus software also guards you against internal threats.
- Train your employees on how to spot phishing emails without opening them.
- Use strong systems with two-factor identification to log in. For example, Gmail sends a check-in email to make sure it is you who is accessing the account.
- Encrypt any files that have patient information. There are plenty of encryption applications that don’t cost much, are easy to use, and can essentially add an extra wall between your dental practice and hackers.
Understanding data security is a little like knowing how to do CPR — most of the time you won’t think about it but one day you may really need it. Taking time to assess your dental practice software, security systems, and even how you store and send patient data could mean the difference between a successful year and a cyber-attack that costs you most of your loyal patients.