In late 2022, the U.S. Department of Health and Human Services warned of a growing ransomware threat that might impact the dental community, pointing to new ransomware operators that aggressively target the healthcare sector with increasingly sophisticated methods. In addition, according to a recent Health-ISAC and Booz Allen Hamilton report, ransomware remains at the top of healthcare cyberthreats, followed by phishing and spear-phishing attacks, third-party or partner breaches, data breaches, and insider threats.
In a world of ever-increasing attacks, how can your business stay ahead of the cyber threat curve?
“The first thing to understand is that a cyber-attack will happen at some point,” notes Jon Northway, co-founder and Senior Technology Consultant at Integrity Systems & Solutions. “You can try to mitigate the inevitable. Let’s say you get hit with ransomware. If that happens — when that happens — your backup and security should be there to allow you to get back up and running faster than if you had to pay a ransom.”
Part of the issue is that the threat surface, or the access hackers have, has grown continually larger over time, so you don’t always know where an attack will come from.
The assumption tends to be that incursions hit most victims through email or text.
“It isn’t all electronic,” explains Eric Adams, Information Technology Operations Manager at Integrity. “We recently got a call from a company claiming to be QuickBooks Intuit, telling us our credit card wasn’t working. I know that we have no expiring subscriptions, but someone else might have taken the interaction and offered up a credit card number. Vigilance is critical.
“Having the right technology infrastructure in place, such as encrypted backups, encrypted email, appropriate firewall devices, web filtering, and other related protections makes a difference,” he continues. “But awareness and training are as important as any technology you have in place.”
In terms of proactive protection, there is a range of steps you can take. They are not complex, and putting them in place can help mitigate risk and worry. While we don’t have enough space for a comprehensive list, these are some common steps that you and your staff can take to help your practice keep hackers outside the gates.
Implement strong passwords and multifactor authentication:
Stay vigilant against phishing attempts:
Regularly update software and systems:
Exercise caution with personal devices:
Be mindful of public Wi-Fi networks:
Regularly back up data:
Be cautious with personal information:
Educate and train staff:
Implement network security measures:
Develop an incident response plan:
“Integrity supplies the technology you need to protect your practice from hackers,” Adams says. “But, as a good vendor partner, we also want to offer guidance that tells you what you’re up against and how to keep a lid on human error. If you decide to undertake training, we want to help you develop the right education and program for your staff.”