Your IT Vendor Could Be the Weakest Link

Melissa LuVisi
September 2, 2021

According to a recent IBM report, a healthcare data breach costs organizations an average of $7.13 million. Even smaller practices aren’t immune to cyberattacks — they can suffer a loss of up to $1.24 million. In many cases, lost business accounted for close to 40% of the total cost of a breach.

It’s not just the security measures within the four walls of your practice that you need to worry about. Two recent high-profile breaches in the dental industry were caused by hackers infiltrating third-party IT vendors and gaining access to their customers’ systems.


Attack on Digital Dental Record and PerCSoft Cloud Remote Management Software Affected 400+ Dental Offices

DSS Safe is a medical records retention and backup solution offered jointly by Digital Dental Record and PerCSoft and sold to dental offices across the U.S. 

The system was attacked by ransomware in August 2019 when hackers breached the software’s infrastructure. The REvil (Sodinokibi) ransomware was deployed to computers at hundreds of dental offices, preventing them from accessing patient records, schedules, payment information, and more.

Although the vendors paid the ransom, the decryption process was slow. Customers suffered an average downtime of 9.6 days. Some customers complained that the decryption key didn’t work or failed to recover all the data.

This incident is not the first attack of this nature to affect healthcare providers. An increasing number of cybercriminals are targeting software vendors or managed services providers (MSPs). They then deploy ransomware via these vendors' platforms to infect their customers’ systems.

Ransomware Attack on Complete Technology Solutions Impacted Over 100 Dental Offices

Complete Technology Solutions (CTS), an IT vendor for dental practices, fell prey to a ransomware attack in November 2019. 100+ dental offices could not access their patient files, substantially disrupting patient care. In fact, the outages caused many to turn away patients and miss out on revenue.

The hackers compromised a remote administration tool that CTS used to conduct remote troubleshooting and configuration. They could infiltrate the computer systems of CTS’s customers because the function did not require the individual dental offices to authenticate access requests.

CTS declined to pay the ransom, and its customers were left to their own devices to deal with the flood of ransom notes. Some providers tried to recover data from offsite backups, while others hired third-party security experts to decrypt the files or negotiate with the hackers.

Cybercriminals are increasingly targeting IT vendors that service healthcare providers. They launch “disruptionware” attacks that threaten business continuity by halting operations, damaging reputations, and extorting money. This approach allows them to infiltrate hundreds of practices in one fell swoop. 

What Can Dental Offices Learn From These Ransomware Attacks?

The complexity of running a practice means it’s virtually impossible for any dental office to operate cost-effectively without using third-party IT companies or software providers. But using more vendors leads to more security threats.

Besides identifying cybersecurity threats within your system and practice, use reputable vendors that have the right measures in place to protect your data from malicious actors. It’s more important than ever to vet your IT partners carefully before entrusting them with your sensitive patient information.

Vet Your IT Vendors With These 7 Questions To Enhance Cybersecurity in Dentistry

  1. Do you have a security team that focuses on managing risks and safeguarding patient data?
  2. Are you compliant with industry standards and regulations, such as HIPAA, SOC 2, and ISO 27001?
  3. Do you have a threat management and intelligence program? 
  4. What’s your incident report plan, and does it include incident notification service level agreements?
  5. Do you have a comprehensive backup and recovery procedure?
  6. Have you ever suffered from any cyberattacks or data breaches? If yes, how have you addressed the failed controls since the incident?
  7. Do you have a high cybersecurity score issued by a reputable organization?

Strengthen Your Cybersecurity Posture With Cloud Dental Software

When selecting dental practice management software, look for a cloud-based platform. This can eliminate many security issues associated with on-premise solutions, which are prone to misconfiguration and outdated code that give hackers opportunities to infiltrate your network.


Additionally, your IT vendor should sign a HIPAA business associate agreement (BAA) before it handles your patient information. This helps ensure that you’re protected from fines and lawsuits associated with HIPAA violations if the vendor is at fault.
