Every year about this time, our Social Committee starts revving up the excitement about our annual Halloween costume contest. Thoughts turn to the ghoulish and creepy, but to me, there’s nothing more off-putting than cybercrime. Especially when it comes to attacking dental practice data, ransomware tops the nasty list.
The stress, expense and loss of revenue are only part of the problem. Consider patient safety, potential breach exposure, government fines, tarnished reputations and governing body reprimands… the risks are immense.
With all the precautionary information circulating about data protection and software security, one might expect hacking thievery to be on the decline. Not so. It is actually reported to be on the rise!
I was shocked to hear just a couple of weeks ago about an alarming data hostage situation at the City of Midland, about an hour’s drive north of Toronto. A data hack and ransom demand affected the City’s computer operations, leaving the population of 16,000 without access to a number of important services. The City paid the bitcoin ransom for the decryption key and was back in business in two days.
Earlier this year, the City of Atlanta suffered devastating and expensive damage at the hands of a cyber attacker. Reportedly, decades of documents were lost and the City is still racking up millions in restoration costs, in addition to the $2 million just to fix the original problem caused by the hack.
We seem to be learning the hard way that no business is off limits to hackers who want to rake in easy money. And the anonymity of cryptocurrency is making them more difficult to catch. As an ounce of prevention, I’m re-posting my list of security measures and recommend that you share it within your dental practice as a reminder:
- Use a reputable email service provider with both anti-virus and anti-malware security built in. A good email product has layers of filtering to block, quarantine or eliminate bad files from ever reaching the desktop.
- Secure a personalized domain for your practice (name@PracticeName.com).
- Train yourself and your staff to recognize the warning signs of non-legitimate emails:
  - the email is unexpected and the sender name is not recognized
  - there are obvious spelling, grammar and language mistakes
  - a legitimate company logo is mimicked, or appears warped, blurred, stretched, etc.
  - a different URL appears when you hover your mouse over the “From” address or a link
  - the subject does not make sense in the context of your business/practice
- Never follow unknown or suspicious links.
- Do not open attachments from an unknown sender, or if any aspect of the email seems strange. Examine zip files carefully; do not open .exe files. When in doubt, verify with the sender.
- Be wary of the websites you visit. Ensure all users stay on legitimate business sites and are not distracted by ads, banners and pop-ups.
- Have at least two backups. Rotate daily and weekly backup files. Keep one offsite to protect your data from physical threats like fire, theft, or flood. Backups MUST be encrypted and you MUST safeguard the encryption key (password to decrypt).
- Have the backup data verified quarterly. This is like simulating a disaster: you restore your data from the backup to make sure that it works! Simply checking the backup notification is not data verification.
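
One way to carry out the quarterly restore test from the last item, as an added example that is not part of the original post: restore the backup to a scratch folder, then compare every file's SHA-256 against a copy of the data as it stood when the backup ran. The folder names, file names and contents below are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large practice databases do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def manifest(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(source: Path, restored: Path) -> dict:
    """Compare a test restore against the data it is supposed to reproduce."""
    want, got = manifest(source), manifest(restored)
    return {
        "missing": sorted(set(want) - set(got)),   # files that never came back
        "changed": sorted(f for f in want.keys() & got.keys() if want[f] != got[f]),
        "extra": sorted(set(got) - set(want)),     # files not in the source
    }


def demo() -> dict:
    """Constructed sample: the restore has one truncated file and one absent."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "at_backup_time"), Path(tmp, "restore_test")
        for d in (src, dst):
            (d / "charts").mkdir(parents=True)
        (src / "patients.db").write_bytes(b"constructed patient records")
        (src / "charts" / "xray_001.img").write_bytes(b"constructed image")
        (src / "schedule.csv").write_bytes(b"09:00,cleaning\n")
        (dst / "patients.db").write_bytes(b"constructed patient rec")
        (dst / "charts" / "xray_001.img").write_bytes(b"constructed image")
        return verify_restore(src, dst)


if __name__ == "__main__":
    report = demo()
    for kind, files in report.items():
        print(f"{kind}: {files or 'none'}")
    print("RESTORE VERIFIED" if not any(report.values()) else "RESTORE FAILED")
```

A backup job that reported success would still fail this check if a file came back truncated or did not come back at all, which is the gap between a notification and a verified restore.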
If you haven’t already spoken to us about protection, backup, data verification and recovery, click here to learn more and take action right away. Malware is everywhere and does not limit its ghoulish behaviour to one day in October.
If your practice has managed to avoid cyber threats and ransomware, outfit your IT team with superhero capes! Pamper them with some caramels and candy apples. Then treat them to this blog post to reinforce the importance of keeping up the good work.