There are many risks out there as it relates to your dental practice and cybersecurity. Matt Scherer, a dental transitions expert, talks with Conner Mundy, a cybersecurity expert, about all the ways cybercriminals might try to attack your dental practice. From ransomware to HIPPA violations, no dental practice is safe if the proper precautions are not set up.
Contact Your Dental Transition Expert
The team at PMA Practice Transition is here to help. Have questions about getting started with a cybersecurity plan for your dental practice, contact us today. We are just a phone call away!
Additional Resources
For more resources check out Rea & Associate’s on-demand webinar, Are Cybersecurity Concerns Putting Your Dental Practice At Risk?
Transcript
Matt Scherer:
Hi, this is Matt Scherer. I’m with PMA Practice Transitions and PMA assists dentist with transitioning out of their practice. And we cover all of Ohio, Indiana, Kentucky, and Western PA. And today’s topic I have one of my colleagues Conner Mundy on with us, and we’re going to talk about cybersecurity in the dental office. Exciting, exciting topic I think. And I think it’s something that a lot of dentists probably don’t realize. Conner, you’d know better than me, but as it relates to dentists and cybersecurity, what do you think is the biggest threat today?
Conner Mundy:
Good question, Matt. I think it really starts back to what you just said about a lot of these dentists, they went to school for dentistry. They didn’t go to school for IT cybersecurity. So what we’re seeing a lot in dentists we work with now is that a lot of them are outsourcing their IT or cybersecurity to a third party. It could be maybe your local, “Oh, I have a guy, an IT guy.” Or it could be a local we call MSP, managed service provider that will do these services for you. And we’re seeing is a lot of them are focusing more on availability of their computers and of their software. Then actually the cybersecurity. It’s on the back burner and that right there is giving cyber criminals a couple of threat vectors to exploit those networks. A couple to go after here, phishing attacks, which usually is done via email. It will be, it will probably be an email that includes a malicious PDF or document. It could be like, “Hey, you need to change your password.” They’re just trying to get your credentials.
Conner Mundy:
Another one, legacy software and hardware we’re seeing a lot is a lot of dental practices still have old software that’s not getting patched by vendor, or they have what we call windows seven computers, which are now end the life and not getting updates, which are a huge threat. And then also the granddaddy of them, all we’re seeing is ransomware. It’s everywhere. And it’s actually coming at dentists at a large number rate. So it’s crazy.
Matt Scherer:
Yeah. And I’ll tell you, even for myself, I keep getting… My wife gets Amazon email saying, “Hey, you need to change your password because your…” Or not your password, but your credit card information, because your stuff’s not going through, yet orders keep going through. So I know it’s a scam. So, thankfully I’ve been educated enough not to click on those things and change my credit card because obviously then they get it. But going back to the dental owner. So, what happens if their data is compromised? What’s the impact to the dentist?
Conner Mundy:
Yeah. So to be honest with you, the days of using pen and paper charts, that’s the thing of the past. So, a lot of these dentists have these dental management solutions, a couple of names, Eaglesoft, Dentrix. What you see is that if that data is compromised and on the server, for an example, then a lot of their operatory machines, won’t be able to work. They won’t be able to function. So one, they could potentially be out of business. Another one is there’s fines coming. The OCR and HIPAA have fines up to $50,000 per record compromised. Also, a lot of what happens too, is a lot of the patients that get their information compromised, they’ll actually have lawsuits against the dentist. And then also, I mean, on top of all of this, the loss of reputation for the dentist is huge. It could really shut him down. If your data gets compromised for a dentist, you’re in hot water.
Matt Scherer:
Yeah. And we’ve seen, at least I’ve seen on the news, where big hospital groups and things like that have gotten where they’re ransomware. Right? So they hold their charts or their software for Bitcoin or something like that. Is that something that’s pretty prevalent in the dental community as well?
Conner Mundy:
Yes, of course. I mean that, again, you see the Bitcoin price right now. It’s skyrocketing. I mean, if they say, “Oh, we need one to two Bitcoins.” That could be $120,000 right now. So exactly. It’s scary.
Matt Scherer:
Yeah. And if you could, to minimize cyber risk in a dental office, I don’t know if there’s maybe a one thing or one major thing that dentists can do to protect themselves, maybe it’s a few things, but what would those things in your mind, top of the list, things to do as a dentist right now, if they haven’t protected themselves yet and they need to? What would you say they should do?
Conner Mundy:
I would start with, one big one is just endpoint protection. So make sure you have enterprise grade endpoint protection, that’s antivirus for a lot of people. Your IT provider can get you that. Another one, email encryption’s very important. The next one, just should remove legacy computers. So if it’s old and outdated, it still works, but it’s not getting patches, it’s time for it to go.
Matt Scherer:
Okay.
Conner Mundy:
Data backups are huge and make sure they’re encrypted. So, say you have a case of ransomware, you could still have your backup that you can still get so you can be operational. And then also just a good thing to do is just have a independent person coming into a HIPAA risk assessment, which would include looking at your software, looking at your hardware, looking at your business associate agreements you have with your third parties, and to understand where you are and where you need to be.
Matt Scherer:
Okay, great. That’s all great advice. And I’m assuming obviously you do all those things. So certainly, if you want to talk more with either myself and or Conner, probably Conner more than me because he knows the cybersecurity better than I do. Please get in touch with us. You can visit our website at pmagroup.net. Give us the thumbs up. If you like us, share us with your friends. And certainly give us a call if you want to talk more about cybersecurity in your dental office. Thank you for your time today.
Published by Matthew Scherer on March 19, 2021