Cyber Security in the Dental Industry

Cybersecurity needs to be taken very seriously within a business, especially when clients' personal information is kept on in-house systems. Below is a rundown of the potential threats that may arise; bear in mind that having the right software in place, from companies such as Sift, can provide extra protection.
Top 5 Current Cybersecurity Threats Include:
1. Email phishing attacks – an attempt to trick the email recipient into giving out information over email
– appears to come from a trusted source
– usually contains an active link or file that may download malware or access sensitive information
2. Ransomware attacks – a type of malware that uses encryption to deny access to a user’s system and data until a ransom is paid
3. Loss or theft of equipment or data
Vulnerabilities include:
– lack of asset inventory and control
– failure to encrypt data
– lack of physical security (an open office & poor physical management)
– lack of simple safeguards (computer cable locks)
– lack of effective vendor security management (data and equipment protection and security measures)
– lack of a process to clear sensitive data before IT assets are discarded (for example, medical devices that may be transferred to or used by other organizations)
4. Insider accidental or intentional data loss
Vulnerabilities include:
– sensitive data files accidentally emailed to incorrect or unauthorized addresses
– lack of adequate monitoring, tracking, or auditing of access to patient information on electronic health record systems
– lack of logging and auditing of access to technology assets (email and file storage)
– lack of controls to monitor emailing and uploading of sensitive data outside the network
– lack of access controls and employee training regarding social engineering and phishing attacks
5. Attacks against medical devices relating to patient safety – a hacker may attempt to gain access to the network to take control of medical devices and place the patient at risk
10 Cybersecurity Practices to Minimize Threats Include:
1. Email protection systems – “free” or “consumer” email systems should be avoided
2. Endpoint protection systems – desktops, laptops, mobile devices, and any other devices connected to the network should be protected and secured
3. Identity and access management – identify users and audit access to data, applications, systems, and endpoints
4. Data protection and loss prevention – categorize data as highly sensitive, sensitive, internal use, and public use and
5. Asset management – integrate daily IT operations into processes to protect IT assets (procurement, deployment, maintenance, and decommissioning of devices)
6. Network management – have strong firewalls in place for proper access inside and outside the organization
7. Vulnerability management – implement processes to classify, evaluate, prioritize, and remedy vulnerabilities in the system
8. Incident response – implement systems to quickly detect cyberattacks and develop processes to quickly respond to and resolve the issue that allowed the breach
9. Medical device security – any device directly connected to a patient for diagnosis or treatment should always be tested for safety and quality control
10. Cybersecurity policies – cybersecurity roles and responsibilities should be defined
– employees should be adequately trained to handle common cyberattacks
– acceptable use of data, equipment, software, and programs should be defined
– position on personal devices should be outlined
– office policy for mobile devices should be provided
– a process for reporting suspicious activity should be in place