Why Cybersecurity Matters at Your Dental Practice

Cybersecurity has been in the news now more than ever, and not for good reasons. With a heightened alert for cybercrimes taking place around the world and across every industry, there are a number of steps dental practices need to take to prevent threats. Here’s what you need to know and steps to take to keep your dental practice secure and safe from the inside out.

What it is

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have issued a series of alerts warning of ransomware attacks. These attacks involve malicious software that can compromise dental practice systems and prevent access to schedules, billing or patient records. A specific concern is phishing, which attempts to steal personal information or break into online accounts using deceptive emails, messages, ads or sites that look similar to sites you already use.

What to do

The California Dental Association (CDA) recommends a number of steps dental practices should put in place now, if they haven’t already. These include using antivirus and threat detection software, requiring complex passwords, setting up multifactor authentication to access electronic health records with remote login capability, and perhaps most importantly, training staff on cybersecurity best practices. Additionally, the American Dental Association (ADA) recommends enabling strong spam filters to help prevent phishing emails from reaching end users, keeping software up to date with security patches, filtering network traffic, making sure antivirus signature files are current, and setting up proper backup systems.

What staff needs to know

The ADA notes that cyberattacks often start with phishing emails, so now is the time to train staff to identify email and other phishing attempts. Some red flags to look out for include emails that ask for sensitive information, such as W-2s, Social Security numbers and passwords; emails that don’t address the recipient by name; or emails that have multiple spelling and grammatical errors. Additionally, the CDA advises staff to “always hover over the sender’s name to confirm the domain, and never open attachments or click links in suspicious emails.” Once a phishing email has been identified, staff should know to contact their IT professional.

How to learn more

The FBI has a webpage dedicated to spoofing and phishing, the Federal Trade Commission (FTC) has a resource on cybersecurity for small businesses, and CISA has a resource on ransomware. Additionally, the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) published a fact sheet on ransomware and the Health Insurance Portability and Accountability Act (HIPAA), and the ADA offers a continuing education webinar on “Ransomware Readiness.”

What’s next?

Contact the experts at Professional Transition Strategies to learn more ways to keep your dental practice on top of its game.