Just as you wash your hands regularly so you don’t get sick, it’s critical to adopt good habits of digital hygiene to prevent cyberattacks on your practice. The illness threatening your practice is called malware—an umbrella term for any malicious software criminals use to steal your data or your patients’ data.
Ransomware, a particularly sinister form of malware, burrows into your system and begins encrypting all your data so you can’t access it. Then a cybercriminal holds your data for ransom, demanding you pay them a large sum of money to gain access to your own files.
Just as a human virus can lie undetected, malware can be in your computer system long before you realize it. By the time you see symptoms, it’s too late. Cybercriminals are continually developing sophisticated methods for infecting computers and servers without you catching on. There are two primary ways malware gets into your system and holds your data ransom.
Hacking secretly taps into your data by exploiting weaknesses in your IT security. Smaller, older practices are often particularly easy targets, because many have outdated, unmaintained systems. Working with a proactive team of IT experts known as Managed IT Services Providers or MSPs is an important layer of defense against attacks. These folks can save you money, time, and headaches over the long run by detecting threats early to eliminate or reduce damage well before it gets out of hand.
Email can pose a particular vulnerability. Only use Gmail, Hotmail, Yahoo, etc. for personal or non-patient-specific messages. For anything beyond that, set up a fully HIPAA-compliant, cloud-based email system that protects your information, whether it’s sitting in your inbox or being sent to another doctor’s inbox. There are big differences between an encryption-only email service for general security and a truly HIPAA-compliant email service that fulfills every HIPAA security requirement. These requirements range from verifying recipient identity to making sure no email is altered.
Phishing describes attempts to trick email recipients into thinking a message is from a trustworthy source, so that they click a malicious link or provide sensitive information like a credit card number. Attackers prey on lack of awareness on the part of the recipient. To avoid falling victim, you need to educate your whole team to recognize suspicious messages, links, and questions. If the sender is unknown, or claims to be your IT person, MSP, or someone in your office, and asks you to click an unusual link, verify the email first with the actual person on your team.
No one is inherently immune from cyberattacks. Take action now by working with a qualified dental IT services provider to assess, boost and maintain your IT immune system. Work directly with your staff to understand what to look for, and how to prevent these types of criminals from getting in the door. Recovering from an attack is much more difficult and costly than preventing it in the first place.
iCoreExchange HIPAA-compliant email not only meets or exceeds every encryption, compliance and security requirement, it also allows you to attach as many large files as you want to any single email. TDA members receive a substantial discount on iCoreExchange.