Practice Protection: How to spot a phishing scam

Internet-based crime has been steadily rising in frequency each year. Ransomware is becoming more common, notably at the same time as the pandemic’s height in North America. We have addressed the rise of online criminal activity in recent blogs, such as our February blog post discussing why cybercrime has become more prevalent.   

With the digitization of much of our everyday tasks, ransomware poses as huge risk to companies, healthcare providers, and even governments. COVID-19 resulted in even more digitization, and therefore a higher occurrence of cyberattacks. In this post we are expanding on our blog post from April 2020 to provide you with some updated advice on protecting your practice from ransomware.  

While over half of the cyberattacks occurred via Remote Desktop Protocol (RDP) servers, hackers gained access to servers via phishing (29%). Since dentistry is largely an in-person profession (aside from teledentistry), phishing is the most common way for hackers to access a practice’s data. These attacks can grant hackers access to your practice’s network, which makes your office extremely vulnerable to ransomware.  

Key point: be wary of links and strange voice messages  

Phishing and vishing are common attempts hackers make to gain access to your practice’s network. Both methods can be seen in a variety of ways – for example, hackers may impersonate someone you know to gain a password, account, or request you send them money directly. Cybercriminals also may appear to be from a government or financial institution, accusing you of being in trouble, or that you owe money. Any unrecognizable message from an unverified source should raise suspicions.   

If you suspect you or your office may have received a phishing email, there are multiple tells that you can look for:  

  • An urgent email from an unknown source – for example, someone you know contacting you claiming to be from a “different email or phone”)  
  • Emails requesting instant action, such as sending your password or confidential information immediately, or sending money right away. 
  • Links that don’t match what they are displayed as: if you are considering clicking a link in an email, always hover over the link before opening it. If the destination does not match the displayed link, do not click. 

There are more signs to look for, which are detailed in this PDF. If you want more information on ransomware in relation to dentistry, ADA has an informative post on ransomware and cyberattacks, and provides details on how you can avoid losing your practice’s data.  

We are always looking for ways to help your practice grow and succeed. Securing your office’s data is the foundation of a flourishing dental office. If your office requires backup services, consider ABEL RBS for your office’s security. 

Why Cyberattacks Have Risen During COVID-19, and How to Protect Your Practice

As mentioned in previous posts, the COVID-19 pandemic opened the door for increased cyberattacks of all kinds. With many of our interpersonal communications moving online, hackers and criminals are continuously finding new ways to compromise our cybersecurity, and by extension, access our personal information. This problem goes beyond our personal devices, however, as healthcare-providers are a major target due to the valuable information that is kept on file. With countless breaches, ransomware attacks, and lost data, healthcare providers are turning to off-site backup services to ensure their patient and office data is safeguarded from threats.  

Dan Lohrmann wrote an insightful blog post covering the various topics under the umbrella of cybersecurity amidst COVID-19. Lohrmann summarizes that as much of the workforce shifted to a remote, virtual mindset, cyber criminals began taking advantage of the shift while most people remained in an adjustment period. In April 2020, WHO reported a higher number of cyberattacks on the organization’s staff, for example, via email scams. Lohrmann lists the many news articles that connect the vulnerability that the pandemic brought, with the increase in online criminal activity

While we have largely become used to regularly using virtual means for work, education, and socialization, cyberattacks still pose a massive risk to us. 

What does this mean for dentists? 

Your dental practice’s information is highly valuable to a hacker. Patient information, financial records, or even staff records can be used for malicious purposes in the wrong hands. While most of your work is done in-person, your computers can be compromised by something as innocent-seeming as an email. To ensure your data is safe from cyberattacks going into the future, ensure your team members are properly trained in cybersecurity. Social engineering, phishing, and vishing are all terms that your front-desk staff should be aware of. In addition to this, it is best practice to review and update this training at least yearly, and when there are staff changes or other major changes in your practice or more often if needed. Cyberattacks evolve as new technologies become implemented, meaning that your team needs to know what to look out for as hackers adjust their tactics. 

Another way you can protect your practice’s data is by keeping all computer systems, platforms, and software that your practice uses up to date with the latest versions. We spoke more in-depth on this in a previous blog post, but to summarize, software and system updates patch any insecurities that hackers may have found in between updates. These updates also are ever-improving security measures, so keep cybercriminals at bay by making sure your systems are not out-of-date. 

In addition to making sure hackers can’t cause any damage from the start, always have a backup plan in case of the worst possible scenario. If your office lost data, your practice could be significantly impacted for days, maybe even weeks, or even permanently, depending on the type and severity of the attack. Make sure your practice data is regularly backed up, either locally or in a cloud server. All practice data should be backed up, including all patient records, financial information, schedules, etc. Having a backup ready in case your office experiences the worst-case scenario saves you hours of distress in trying to get that data back or dealing with the repercussions if it is lost for good. 

In summary, prioritize your practice’s data security by: 

  1. Ensure your staff has up-to-date cybersecurity training regularly. 
  1. Keep your software, computer system, and all platforms up-to-date. 
  1. Back up your practice data regularly – either remotely (such as ABEL RBS, a remote backup service using cloud technology), or locally. 

3 Simple, Necessary Steps to Take for Data Security

Security professionals, financial advisors, and even government agencies suggest that in 2020, cyberattacks can be more devastating on a business than a natural disaster. If your office faced a cyberattack today, would you have a plan to follow to recover your valuable data? 

As dental software providers, one of our ongoing goals is to ensure dentists keep their practice data safe and secure, regardless of which software they use. Healthcare practitioners, such as dental providers, are always targets for cyberattacks because of each practice’s valuable information and records. While paperless recordkeeping boasts increased security for your practice records, it is crucial to keep in mind that data needs to always be safeguarded from potential threats. In this blog post, we have four simple steps that you can follow to ensure your dental practice’s data is sufficiently secured in the event of a cyberattack. 

Step 1: Keep your software and computers up to date 

Whether you store your dental records on an all-in-one practice management software or you use other options, chances are that the software you use rolls out regular software updates. Our first simple step to data security is keep your software updated. We have discussed the importance of keeping your software up to date in previous blog posts. To summarize, software updates provide users with the latest security to counteract potential threats, which are continually evolving. Additionally, these software updates fix bugs that could potentially lead to unprotected data.  

Along with software updates, ensure your computer platforms and operating systems are regularly updated as well. Updated computers and operating systems incorporate advanced security measures and bug fixes that are necessary to prevent the latest threats. For example, as of January 2020, Microsoft no longer supports outdated platforms such as SQL 2008, Windows Server 2008, and Windows 7. Since these platforms are no longer supported, the software no longer receives security fixes in automated updates, leaving the system vulnerable to viruses, spyware, ransomware, and other malicious threats. Although you may require a periodic investment to keep your system up to date, it is best to always make sure you are using supported versions of the technologies used in your practice.  

Step 2: Maintain proper user credentials 

In addition to keeping up with software updates, make sure your workstations’ passwords are private and strong enough to minimize threats. News stories, statistics, and testimonies can attest to the issues bad passwords can create for a businesses. For instance, 81% of hacking-related security breaches are caused by insufficient passwords. As shown through multiple studies, weak passwords can be the downfall of an entire organization. Not only can an outsider easily access your valuable practice data but, with poor passwords, a team member could access something they are not supposed to. 

How can you strengthen your password security? For starters, if you can, ensure each team member has their own secure login information to eliminate the risk of password-sharing and similar problems. Additionally, ensure all passwords are unique and strong; everyone should avoid using personal information in their passwords, such as their name or birthday, as these could be easy to identify for a potential hacker. General phrases such as “password” should always be avoided. Password specifications vary from source to source, but universally, almost everyone agrees on these general principles: 

  1. Keep your password long (recommendations vary, but generally 8-16 characters) 
  2. Use a mix of capitalized and lower-case letters 
  3. Integrate numbers and symbols into your password 
  4. Ensure passwords are periodically changed 

Lastly, to keep your workstations as secure as possible, passwords should change every few months. The passwords should also not recycle any words or patterns as a precaution. If you or your team members struggle to remember multiple unique passwords, consider using a password manager to keep track of everything. For more tips on how to create a strong password, read this article. 

Step 3: Backup your practice’s data 

Our third simple step for protecting your practice’s valuable data is backing up your data regularly. While you can do everything possible to protect your data in the event of a cyberattack, some things are uncontrollable. For example, natural disasters can cause devastating and irreversible damage to your practice’s servers if they are kept in your office. To ensure your practice data is as secure as possible, look into secure Cloud backups. Doing regular data backups not only prevents significant data loss if a cyberattack struck your office but also ensures your practice’s data is secured off-site. Microsoft Azure is an example of a Cloud solution, and it is the one ABELDent uses for Remote Backup Services. 

By checking off these three simple steps, you are taking the necessary actions towards securing your practice data.  

3 Reasons You Should Keep Your Software Up To Date

In a Pew Research Center study on Americans and cybersecurity, roughly one out of ten people do not update their smartphone software at all. While ignoring software updates poses a major risk to the individual user’s security, a staggering number of people still choose to stay with the older version of the software. Why is this the case? 

Patrick Boblin writes on this issue in an article regarding the reasons people avoid updating their computers. Some of the reasons Boblin lists include compatibility issues, having a bad prior experience, and being comfortable with the way their system currently runs. One specific reason that stands out is that people don’t understand why they need to update their systems so frequently, and as a result, have less security. 

The reasons Boblin brings up go beyond computer or smartphone updates. Many users ignore software updates, especially if they seem tedious, or the changes are not adequately explained. In today’s blog, we want to emphasize the importance of keeping your software up to date, especially the software you use for your dental practice. 

Security 

First and foremost, software updates are created to maximize the user’s security. Technologies are always changing and unfortunately, so are viruses and other threats to your system. To stay up to date on the best security, it is crucial to update the latest version of any software you are using to keep your information protected. These updates provide the best possible defense systems to prevent cyber-attacks before they become a problem for your practice. 

Bug prevention and elimination

When software updates are published, the new version usually accounts for bugs that have been reported by users. Even if you or your team has not experienced any of the corrected bugs, updating to the latest version of the software eliminates the chances of that bug happening to you in the future. And if you have experienced one or more of the bugs, there is no need to continue to live with and negative impact. Updating your software frequently prevents both ongoing and potential frustration that can be the result of software issues.   

It’s best practice 

Making the most of your dental software’s capabilities is the best practice for your team and your patients. Continually updating to the most recent version prevents errors, maximizes your software’s capabilities, and simplifies your team’s workflow. Downloading the latest updates also means you are taking full advantage of your dental software and getting the full value out of the product that you use every day. 

Essentially, your software is continually updated to provide you with the best possible product to make your daily tasks more efficient and secure. It is beneficial to keep up to date on the latest developments for your security, as well as ease-of-use, whether it is your smartphone’s operating system or your dental practice’s scheduler. 

Protect Your Practice as Cyberattacks Increase

Multiple threats are challenging dentists worldwide, including cybersecurity at this time. Cyberattacks have risen by 37% in one month, cited by Phil Muncaster at the Infosecurity Group.

Hospitals have been experiencing international ransomware attacks from hackers taking advantage of the current situation. When hospitals are unable to access their data and applications, the treatment process is delayed, thus putting patients directly at risk. Hospitals and other healthcare providers, including dentists, are particularly a high-risk group for ransomware, phishing, and cyberattacks. This week, we are doubling down on data security to make sure that your practice data is protected in this difficult time.

Educate Your Employees

Our last few blog posts mentioned using some extra free time as a chance to educate yourself and your employees on some important aspects of your practice, such as maintaining security. Ensure that anyone who accesses the company emails or social media outlets are very cautious when receiving any messages from unknown senders, particularly with enclosed links. Oftentimes it is best not to open emails and messages from unknown senders if they were not expected or seem irrelevant. If employees do open the email, reinforce that they need to be very sure any links can be trusted prior to clicking them. If you or your employees have suspicions about an email, it is likely in your best interest to delete the email and/or block the sender for your safety.

Have The Right Systems in Place

Take all measures to protect your practice’s data, and ensure your patients’ security. Best practices include having strong passwords and changing them regularly, such as every few months. 

Being aware of the security measures that you should take if your data is threatened. For instance, mitigate the threat that ransomware poses to your practice by doing regular backups on your practice’s local server, or consider a cloud-based server that automatically backs up your practice’s data. This way, if your confidential practice data is infected, you can restore the information from your most recent unaffected backup. 

Having a plan is key for bouncing back from a cyberattack quickly. Just like your practice has emergency evacuation routes for office fires, being prepared for a cyberattack puts you one step ahead of the potential hacker in the event it takes place. Unfortunately, during these unprecedented times, organizations are even more at risk because there are multiple safety concerns. 

The switch to remote work has created an opportunity for cybercrime, but that can be combated with proper security measures and education to make sure any staff who is regularly checking emails or managing communications stay aware and alert.

We hope you are staying safe and healthy at home, and are using the resources available for yourself and your community at this time.

4 Ways Dental Clinics Can Improve Security Awareness

Most dentists I know have dozens of things to keep track of even on the slowest day, and it’s not surprising that cyber security is often far down the list of concerns of the clinics that I talk to.   

Unfortunately, cyber criminals seem to be taking advantage of this situation: cyber attacks now impact hundreds of dental offices in the United States alone every year. In some cases, these attacks are so devastating that they cause clinics to close for an extended period while they prepare to start seeing patients again.  

Fortunately, protecting yourself from common forms of cybercrime like phishing, malware, and ransomware is fairly straightforward, if you have the right software and a staff trained to recognize potential threats.  

Here are four ways you can improve security and training at your clinic this year.   

1. Make Cyber Security Part of Your Practice

We all have a tendency to believe that things like cyber attacks won’t happen to us. Psychologists call this the “optimism bias“. And while it makes it easier for us to go through life, it can also leave us vulnerable.  

Countering optimism bias requires that you train your workers to view cyber threats not as something that could theoretically happen, but as something they should be on the look out for every day.  

Normalizing cyber security routines that require weekly check-ins and following digital best practices are the first steps you should take to guide your staff to be more aware of the danger of cyber attacks.  

2. Help Your Employees Recognize the Risks

Phishing is a form of cybercrime in which targets are contacted through text, email, or by phone with the phisher posing as a legitimate institution. Phishing scams will take advantage of this familiarity in order to pry sensitive data such as banking and credit card info, passwords, or answers to security questions. 

Here are some of the most common signs that you might be dealing with a phishing scam: 

  • Requests for personal financial information 
  • Poor grammar and bad spelling 
  • Threatening language (e.g. “Your account will be closed if you don’t act now!”) 
  • Suspicious links (e.g. nonsense links, or links to misleading domain names) 
  • Unrecognized senders 

To avoid falling victim to phishing scams, be wary of messages that carry a false sense of urgency and ignore any links you may be asked to follow. Remember, your bank or any other professional institution will never ask you to login by phone or by following prompts other than the ones you’ve used in the past.  

You should also be aware that criminals are constantly developing new viruses and attack methods in order to continue to attacking the vulnerable. Cyber criminals have been using email as a vector for infecting computer systems with malware and ransomware for years, but they have also started to use social media apps like WhatsApp, Facebook, and iMessage to launch their attacks.  

Ransomware is a method of cybercrime where malicious software or malware is designed to deny a company access to their own servers or internal systems until a ransom is paid. Ransomware can be a follow-up attack to a phishing attempt and can be devastating for mid-sized, data-based companies like dental clinics. 

To avoid succumbing to this form of attack, be sure to continually update your computer Operating System (OS) and anti-virus software with the latest patches and do not click on links or open any attachments sent in unsolicited email. Most of us are fairly trusting and scammers use this behaviour against us by sending emails that can seem legitimate or harmless. Train your staff to recognize these warning signs, and report any unusual messages.   

3. Make Regular Backups Part of Your Routine

It’s not always possible to avoid cyber attacks altogether, so it’s also important to ensure that you’ll be able to bounce back quickly if the worst does happen.  

Dental clinics need to keep track of huge amounts of data, the loss of which can be absolutely disastrous. For this reason, you should make regular backups a mainstay of your routine.  

Look for sophisticated cloud storage solutions that automate backups and come with expert support, so that if the worst does happen, you’ll be ready to pick up where you left off.  

4. Use Software that Enhances Cyber Security Capabilities

When you’re looking for software solutions that can help you make cyber security easier and more efficient for your employees, you should look for tools that will mesh well and supplement your anti-virus software for additional protection. Solutions such as ABEL Guard (AppGuard with ABEL’s dental specific templates) prevents new viruses from harming your system until your anti-virus software is updated to eliminate those viruses. 

Also consider switching to a dental cloud server based platform that by default will provide maximum protection against cyberattacks since practice data is stored in and assessed from secure cloud servers – an added benefit is automated continuous data backups are always current should your practice data ever need to be restored for any reason.  

In conclusion:

It is best to be proactive and stay one step ahead of cyber criminals as much as possible. Make sure you have antivirus and additional security software for maximum protection as well as employed a cloud-based backup system to limit any negative effects should you be hit by an attack.  

During my time at ABEL, I have become convinced that a combination of the right tools and the right training can make all the difference when it comes to keeping your clinic safe from attacks. Get in touch with us today if you want to learn more about how we can help you improve your security and security awareness.  

Dental Software Development: Tips to Help You Communicate Better with Your Vendor

When you start up your dental practice management system at the beginning of the day, do you ever wonder how what you see on the screen ended up getting there? In short, what you are viewing is the collaborative effort of multiple team members and departments of your dental software vendor.

First there are individuals who conduct market needs analysis, gather industry intelligence, and analyze customer needs/feedback. Next, company management prioritizes the identified software requirements that will direct the software development team that produces the finished product for distribution.

This blog concentrates on the software development team and the process they follow to ensure the software they develop meets the needs of dental practices. What you learn will give you useful insight whether you are evaluating new dental software or already have a software solution.

Having a better understanding of the software development process can help you to articulate feature requests, questions and concerns more effectively. You will also gain a better understanding of where your ongoing investment in dental software goes!

The Dental Software Development Process

Have you ever requested a new feature or improvement to an existing feature and wondered why you can’t always get a definitive answer about if and when it can be completed? This is because there are normally a number of changes and new features already planned for the next software update as well as a series of steps that must take place when adding any new feature.

Here are the “best practices” that dental software developers typically follow to ensure delivery of a quality software solution:

1. Requirement gathering and analysis: Dental practice feature requirements are gathered in this phase based on vendor prior experience, market research, competitive analysis and most importantly, customer feedback. The objective of each feature under consideration must be clearly defined as well as the required data inputs and outputs. Assuming a feature request is deemed beneficial to a critical mass of customers, a Requirement Specification document is created which serves as a guideline for the next development phase.

2. System Design: In this phase, the feature’s functional design is prepared from the Requirement Specification document. System Design helps break down the specific requirements and identify how they fit into the overall system architecture. In this phase, the Testers define a test strategy that specifies what to test in the system design and how.

3. CodingUpon completion of the system design documents, the work is divided into logical modules and actual program coding is started. This may involve more than one Programmer and is typically the longest phase of the software development life cycle.

4. Testing: After the code is developed it is tested against the requirements to make sure that the product is meeting the needs that were defined during the requirements phase.

5. Deployment: Following successful internal testing, an “alpha” version incorporating the new feature/s is deployed to a select group of customers who have agreed, with the understanding that issues may arise, to report their experience. Further changes to the update may be required to address the reported issues. A “controlled release” (beta version) of the update is then provided to a wider customer group. Once the version is deemed stable, it is ready for full customer deployment.

6. Software Maintenance/Updates: The best software is continually evolving and improving – never static. Consequently, software vendors periodically deliver new, improved versions of their software to provide their customers with up-to-date features and integrations. This process is known as “software maintenance” and is offered under different costing models. Software support is often bundled with software maintenance plans to offer a complete service package.

Software Updates, Upgrades & Customization

There is often confusion as to what constitutes a software update, a system upgrade or a customized feature. Service updates are the first form of software updates and consist of “fixes” and/or minor enhancements to existing features as requested by customers or by Software Support team members based on their experience working with customers. 

Software Updates

Small improvements and features provided to the current version of the program are referred to as minor updates (for example version 8.4 to version 8.5). When more significant changes and new features are added to the software, it is termed a major update and correspondingly named as a new version (for example version 8.5 to version 9.0).

Software Upgrades

While an update modifies the current software product, an upgrade totally replaces it with a newer and often more superior version. Upgrades are necessary when new functional demands and requirements cannot be met by simple updates and as a result, typically involve migration to a new operating system, database management system or application platform (such as cloud based).  

Customized Features

A new feature that is provided to a specific customer (usually for a fee) is known as a customization as it is not part of a general software release. An example may be an integration with a third-party software for the purposes of providing workflow synergies between the two applications. Care must be taken to ensure that any customization continues to function when new versions of the dental software are released.   

Conclusion

The challenge for dental practice management software vendors has always been to take a complex product and make is as intuitive and easy to use as possible – without compromising functionality. Similarly, developing new features is not a one-time task but a continuous process software developers must follow.

New dental practice needs and technologies require dental software vendors to be nimble and have proactive systems in place to respond to change and keep their customers satisfied. By having a better understanding of the software development process, dental practices are in a better position to communicate requests to their vendor and ultimately receive the features they need on a regular basis.

Protect Yourself from the Latest Cyber Scams

At first glance, cyber security might not seem like it would be a major concern for dental clinics. After all, their focus is on providing high quality healthcare and making patients as comfortable as possible – so are they really a big target for hackers?

The answer, unfortunately, is yes: because clinics deal in so much private information, and because most clinics are relatively small operations, they have become magnets for cyber criminals looking to steal personal and financial information they can use to turn a profit.

Moreover, research shows that cyber attacks can have a devastating impact on small businesses like dental clinics. According to one study, forty-three percent of cyber attacks target small businesses, sixty percent of which fold within six months of the attack. These are risks that no dental practice can afford to take.   

Earlier this year, I wrote a blog post outlining some of the most common types of cyber attack and explaining some of the ways dental clinics can use practice management software to protect their financial records, patient files and other documents. Today, I want to follow up on that post by exploring ransomware attacks, identity theft schemes and the importance of developing a resilient strategy for weathering cyber attacks.

Ransomware: When Data Becomes a Hostage

In my previous post, I talked about phishing scams and malware that cyber criminals use to steal financial and credit card information. These types of attacks are designed to trick unsuspecting individuals into handing over personal financial information and all dental clinics should be on the lookout for them.

As mentioned in previous blogs, one type of malware – ransomware – has become particularly prominent. Unlike other forms of malware, ransomware doesn’t try to steal information from your database. Instead, it encrypts all the files on a computer’s hard drive and demands payment in return for decryption. Once you have been hit with the ransomware attack, you are forced to choose between having all of your information deleted or paying large sums of money to unlock your data.  

You can learn more about how ransomware has developed, and the unique threat it presents, in this video:

Ransomware is particularly dangerous because it can be difficult to track and cyber criminals are constantly adapting and tweaking their methods for delivering ransomware to your computer.

For this reason, the only real way to protect yourself from a ransomware attack is to make sure that your live data is accessed from cloud servers (rather than an on-site server) and that it gets backed up regularly in the cloud. This will ensure that your data won’t be held hostage due to unauthorized access and that you’ll have reliable copies if you ever need them.

Beware of Identity Theft Data Mining

While we often emphasize the financial costs of hacking, it is especially important for dental clinics to remember that there is another dimension to the problem: because they deal with large amounts of detailed and private information, many hackers will target clinics to mine data they can use for the purposes of identity theft. Consequently, we advise our ABELDent clients to never store sensitive information such as patient credit card numbers on their systems. 

If a cyber criminal gets hold of your patient’s clinical records, this can plunge you into a bureaucratic nightmare for failing to protect confidential healthcare information. Fines and penalties can drain your bank account and interrupt just about every aspect of your life for months on end.

At ABELDent, we have been talking for years about the importance of protecting patient information and recent legal developments only serve to underscore the importance of making sure that dental clinics are taking all necessary precautions to protect against identity theft.

Upgrading to cloud-based practice management software can make a world of difference in this regard, as it’s specifically designed to help healthcare professionals keep their patients’ data safe, while also protecting against data breaches that can lead to potentially ruinous court cases.

How Quickly Can You Bounce Back?

While it’s important to provide as many layers of protection as possible when it comes to cyber security, the chances are high that you will still be the victim of some kind of attack at some point. So, what do you do when that happens?

  1. Having a plan in place is crucial if you want to be able to bounce back quickly from a cyber attack. Evidence shows that clinics that have a system in place are usually able to get back up and running within hours, but only if they have backed their systems up properly and have protocols in place to minimize damage.
  2. Preparing your team so that they know who to call and what to do in the eventuality of a cyber attack is key if you want to make it through an attack unscathed. So take the time to train your staff on the right procedures -and make sure you are regularly backing up your data in secure ways!

Based on the cyber security outlook for 2019 , we’re no closer to preventing the occurrence of cyber crime. In fact, for small businesses like dental clinics, the likelihood of being hit by some kind of cyber attack will probably only increase in the coming year. This is why it’s so important for clinics to take the necessary measures to protect themselves from attacks that can cost tens of thousands of dollars, shut them down permanently and even get them into legal trouble.

In summary, don’t take any chances with your cyber security: backup your data regularly in the cloud. Better still, use a dental practice management system that accesses your live practice data from cloud servers so that it is never stored on-site and susceptible to attacks. You will be much less susceptible to an attack and even in the unlikely event that you are hit, you can recover easily with up-to-date backups. 

How A Cloud Server Platform Can Help Your Dental Practice

Every day, dental clinics across Canada handle a lot of sensitive information. Between patient scheduling, clinical records, financial information, payroll, and co-ordination with other healthcare and insurance providers, dentists and dental hygienists need to know where to find the information they’re looking for at a moment’s notice.  

This means how and where to store information can be a major issue. As anyone who works in a dental clinic knows, the days of keeping patient files in manila folders is long gone for most – but just because clinics use computers now doesn’t mean the storage question has gone away.

As a solution, many clinics have started to backup their practice data in the Cloud. But some practices have told me that they have doubts about the Cloud’s safety. In addition, simply backing up data in the Cloud is only part of the solution and thus only mitigates part of the risk. If the data you access every day to run your practice still resides on a local server, you remain highly vulnerable to cyberattacks. To help, I’ve prepared this brief explanation of how the Cloud works and why using a cloud server is the more secure option for accessing and backing up your dental practice data.

What is the Cloud, Anyway?

In a nutshell, it means that rather than storing and accessing your data from an on-site (local) server, it is stored on powerful offsite servers (known as cloud servers) and accessed via the internet. Depending on the application, it may also be stored and accessed from the cloud server. cloud computing has been around since the 1960s but it’s only in recent years that cloud computing and cloud storage have become widely available. This shift happened when companies like Microsoft, Amazon and Google started marketing cloud storage services to businesses and the public.

Chances are, you already use cloud services a lot more than you think – your last Netflix bingeing session of Stranger Things wouldn’t be possible without this technology. But some dental practice owners are still reluctant to access their records from the Cloud and store backups there because they worry that the Cloud is less secure than storing information on their own computers. But are these concerns actually warranted?

Is the Cloud Server Platform Safe?

The short answer to this question is yes – not only is the Cloud safe, but it actually offers more security than other data access, backup and storage methods.

When you store all of your live data on-site, there are a number of risks. Because your data is literally being stored on hard drives in your office, all someone needs to do is remove the hard drives and all the information stored on them will be lost. Even if you have kept a backup of your data on a separate storage medium, it will only be as up to date as the last time you did a backup. Furthermore, you have no way of knowing if your backup is valid. As a result, on-site data access and storage represents a huge vulnerability for any dental practice.

On-site storage also exposes your data to potential accidents or natural disasters. For example, with offices that experience floods or fires, there is a very real possibility that many years’ worth of information will be lost – particularly if backups are store on-site as well. The old adage about not putting all your eggs in one basket definitely applies here.

Will a Cloud Platform Affect How My Dental Practice Accesses Files?

Yes and no. When you use cloud servers to store your information, you are taking an important step toward preventive theft and loss of data. But this doesn’t mean it will be more difficult to access.

Not only do cloud server solutions store client information more securely, coupled with data encryption, they enable secure integrated, automated, patient communication solutions. These provide a safe and efficient means of information exchange between the practice and patients via email and text, particularly for appointment reminders and confirmation.

Another advantage of cloud computing is convenience: because data is stored in the Cloud rather than on local hard drives, your team members can access information from anywhere, on almost any device. And should there be a data security breach, access devices are not affected. If your workstations are damaged in a natural disaster or fire, all your information is already safely backed up remotely in the Cloud.

For these reasons, cloud-based practice management software is rapidly becoming the platform of choice for dental practices.

Don’t take any chances with your patients’ data; consider switching over to a cloud server solution specifically designed for use by dental practices. If you decide to stay with a local server solution for data storage, at the very least, make sure your practice data is regularly backed up in the cloud.

How Web-based Dental Solutions Protect Against Cyberscamming

Dental clinicians and practitioners face a unique set of challenges day in and day out, from ensuring patient satisfaction to staying on top of technological advancements in the field to maintaining a steady income stream in a increasingly competitive environment.

But a dental practice also faces the hurdle of keeping its staff and patients connected, which exposes them to an altogether different struggle – that of keeping data secure in an age when scammers are working harder than ever to compromise patient information.

The protection and organization of data is a serious matter, and so I’m starting the new year by bringing you up to speed on the rise of phishing and other cyberscamming attempts.

cyberscam protection

Below, I discuss recent scams both in and out of the field of dentistry, and provide some tactics to help you defend yourself.

Gone Phishing

Phishing is the act of impersonating legitimate companies through email or phone contact in an attempt to lure staff or consumers themselves into divulging private, personal information.

Emails will often ask for login credentials and other personal info to solve a vague but urgent problem. Scammers go to great lengths to make the request seem legitimate, which works to build a false sense of security in victims.

The CRA Scam

Consider the recent CRA scam that has already affected 4,000 victims who have lost more than $15 million. This scam takes the form of a call from someone claiming to be from the Canada Revenue Agency, who then threatens victims with arrest for owing back taxes. The scammers will often demand payment in the form of gift cards, cybercurrency, wire transfers or other unorthodox methods of payment.

Up the Amazon Without a Paddle

Meanwhile, the RCMP are issuing warnings about a phishing scam targeting Amazon customers. The police warn about emails sent to customers regarding purchases they never made, complete with receipts of purchase and shipping addresses. By clicking on the ‘details’ button, emails direct victims to a fake Amazon login page that then attempts to steal credit card information.

Cyberscams with Teeth

The dental industry is not impervious to these threats, either. In 2015, an Oregon dental services company reported that a hacker had breached their system, accessing the information of more than 151,000 patients. The pinched data included patient names, social security numbers, phone numbers and addresses, as well as birth dates.

The hackers leveraged malware in order to obtain an employee’s username and password which gave them access to the company’s membership database.

protection from hackers

Protect Yourself

I can hear you asking, how do I protect myself against these threats? If you want to keep your personal or financial records safe from scammers, this simple but effective list of considerations will really help keep your info safe from compromise.

  • Don’t reply to any email that requests you to enter your personal or financial information
  • Check the hyperlink by hovering your mouse over the link to verify the address. If the email claims to be coming from Aeroplan, verify that the site is indeed Aeroplan.com or .ca
  • Contact your bank or financial institution immediately if the email or phone call claims that you owe money. Banks compile info on these scams and reporting the incident can help bring down the predators
  • Get in touch with Equifax or TransUnion to place a fraud alert on your name if you suspect you might be the victim of attempted identity theft

If you run a dental practice, and you’re worried about keeping your financial records, patient files, schedules, and other documents secure, it pays to partner with a company that understands the nuances of cybercrime.

Servers aren’t always secure, and your digital dental office staff are only human and are not invulnerable to sophisticated phishing scams, so it pays to add another layer of defence. Services are available that offer safe encryption of your data and advanced cloud storage. Data is protected from attacks but can quickly be restored with up to date backups if necessary.

If you feel that you are the target of a cyberscam, take your time and remember to be cautious. When dealing with any company, including a government agency like the CRA, you have the right to request written information, ask for a call back number, and demand time to think over the situation. A real company will be trying to solve a problem, and will show patience. Scammers around the world are all the same – they will want to part you from your money as soon as possible.

And if you run a dental practice, remember that safe, reliable web based dental solutions are available and becoming increasingly the platform of choice.