As a dental practice owner, you’re running a healthcare organization that houses a wealth of private patient data. From names and home addresses to social security numbers and billing information, just think of your hundreds or thousands of patients captured in your database.
In the wrong hands, the data of your patients, employees, and organization could be maliciously stolen or used against you.
The first step in safeguarding your practice against cybersecurity threats is to educate yourself and your employees about the danger of data breaches, and to give the most common hacking scam a name: phishing.
Before a fisherman casts a line, he attaches a tasty piece of bait on the hook. He knows the hungry fish will be fooled by the floating snack, chomping on the worm without noticing that it's attached to a hook, which pierces it and stops it from swimming away.
Hackers/social engineers are like fishermen. They get their name from “engineering” believable social situations to trick unsuspecting targets. Just like a fisherman baits his line, social engineers phish for ways to trick employees with a false narrative. This trick may be a hacker sending an email pretending to be you (the boss), asking your receptionist to transfer money. Or it may be someone making a phone call posing as a distraught employee from another dental practice, phishing for private information about a patient.
There are a number of ways social engineers can fool your team, but the goal is usually the same: to obtain sensitive information or money from an employee, or to deploy malware onto your dental practice devices to hack in and acquire the data themselves.
Data breaches are an all-too-real problem for dental practices, with over 93% of healthcare organizations reporting a security breach in the last five years, according to Black Book research. And oftentimes, when these breaches hit, they hit hard. According to a 2017 study sponsored by IBM Security and conducted by Ponemon Institute, data breaches cost U.S. companies an average of $225 per compromised record. Per patient!
But why dental offices? For starters, the social engineer knows that you store a lot of private patient info in your databases. To them, the more data they can get, the bigger their pay-off when they sell it on the dark web to individual hackers who will steal from your patients or employees.
Secondly, most hackers know that dental practices often don’t financially invest as heavily in cybersecurity measures as do larger healthcare providers. It’s not uncommon for a practice to not have a single IT person on staff, or to not invest a dime in employee security awareness and training. That means all it takes is one successful phishing attack against one employee and the hacker has the keys to your database’s kingdom.
While no practice is completely unhackable, there are a few best practices your dental practice can follow to reduce your chances of falling victim to a malicious phishing scam:
Social engineers are always coming up with new and clever ways to trick dental practice employees into sharing access to patient data. But while it’s important to educate your employees on the dangers and what to look out for, it’s only one part of the equation. Your practice also needs strong security defenses in place and someone who can routinely monitor and update them.
Leave the security up to the professionals by outsourcing your digital security to a trusted partner. Read 5 Reasons To Hire A Managed Services IT Provider For Your Practice to discover all the benefits.