According to a recent IBM report, a healthcare data breach costs organizations an average of $7.13 million. Even smaller practices aren’t immune to cyberattacks — they can suffer a loss of up to $1.24 million. In many cases, lost business accounted for close to 40% of the total cost of a breach.
It’s not just the security measures within the four walls of your practice that you need to worry about. Two recent high-profile breaches in the dental industry were caused by hackers infiltrating third-party IT vendors and gaining access to their customers’ systems.
With tab32 you don't need 3rd-party vendors and you only need IT for hardware issues. Click below to learn more!
DSS Safe is a medical records retention and backup solution offered jointly by Digital Dental Record and PerCSoft and sold to dental offices across the U.S.
The system was attacked by ransomware in August 2019 when hackers breached the software’s infrastructure. The REvil (Sodinokibi) ransomware was deployed to computers at hundreds of dental offices, preventing them from accessing patient records, schedules, payment information, and more.
Although the vendors paid the ransom, the decryption process was slow. Customers suffered an average downtime of 9.6 days. Some customers complained that the decryption key didn’t work or failed to recover all the data.
This incident is not the first attack of this nature that affects healthcare providers. An increasing number of cybercriminals are targeting software vendors or managed services providers (MSPs). They then deploy ransomware via these vendors' platforms to infect their customers’ systems.
Complete Technology Solutions (CTS), an IT vendor for dental practices, fell prey to a ransomware attack in November 2019. 100+ dental offices could not access their patient files, substantially disrupting patient care. In fact, the outages caused many to turn away patients and missed out on revenues.
The hackers compromised a remote administration tool that CTS used to conduct remote troubleshooting and configuration. They could infiltrate the computer systems of CTS’s customers because the function did not require the individual dental offices to authenticate access requests.
CTS declined to pay the ransom, and its customers were left to their own devices to deal with the flood of ransom notes. Some providers tried to recover data from offsite backups, while others hired third-party security experts to decrypt the files or negotiate with the hackers.
Cybercriminals are increasingly targeting IT vendors that service healthcare providers. They launch “disruptionware” attacks that threaten business continuity by halting operations, damaging reputations, and extorting money. This approach allows them to infiltrate hundreds of practices in one fell swoop.
The complexity of running a practice means it’s virtually impossible for any dental office to operate cost-effectively without using third-party IT companies or software providers. But using more vendors leads to more security threats.
Besides identifying cybersecurity threats within your system and practice, use reputable vendors that have the right measures in place to protect your data from malicious actors. It’s more important than ever to vet your IT partners carefully before entrusting them with your sensitive patient information.
When selecting a dental practice management software, look for a cloud-based platform. This can eliminate many security issues associated with on-premise solutions, which are prone to misconfiguration and outdated codes that give hackers the opportunities to infiltrate your network.
Additionally, your IT vendor should sign a HIPAA business associate agreement (BAA) before it handles your patient information. This helps ensure that you’re protected from fines and lawsuits associated with HIPAA violations if the vendor is at fault.
No Comments Yet
Let us know what you think