3 Reasons You Should Keep Your Software Up To Date

In a Pew Research Center study on Americans and cybersecurity, roughly one out of ten people do not update their smartphone software at all. While ignoring software updates poses a major risk to the individual user’s security, a staggering number of people still choose to stay with the older version of the software. Why is this the case? 

Patrick Boblin writes on this issue in an article regarding the reasons people avoid updating their computers. Some of the reasons Boblin lists include compatibility issues, having a bad prior experience, and being comfortable with the way their system currently runs. One specific reason that stands out is that people don’t understand why they need to update their systems so frequently, and as a result, have less security. 

The reasons Boblin brings up go beyond computer or smartphone updates. Many users ignore software updates, especially if they seem tedious, or the changes are not adequately explained. In today’s blog, we want to emphasize the importance of keeping your software up to date, especially the software you use for your dental practice. 

Security 

First and foremost, software updates are created to maximize the user’s security. Technologies are always changing and unfortunately, so are viruses and other threats to your system. To stay up to date on the best security, it is crucial to update to the latest version of any software you are using to keep your information protected. These updates provide the best possible defense systems to prevent cyber-attacks before they become a problem for your practice.

Bug prevention and elimination

When software updates are published, the new version usually accounts for bugs that have been reported by users. Even if you or your team has not experienced any of the corrected bugs, updating to the latest version of the software eliminates the chances of that bug happening to you in the future. And if you have experienced one or more of the bugs, there is no need to continue to live with any negative impact. Updating your software frequently prevents both ongoing and potential frustration that can be the result of software issues.

It’s best practice 

Making the most of your dental software’s capabilities is the best practice for your team and your patients. Continually updating to the most recent version prevents errors, maximizes your software’s capabilities, and simplifies your team’s workflow. Downloading the latest updates also means you are taking full advantage of your dental software and getting the full value out of the product that you use every day. 

Essentially, your software is continually updated to provide you with the best possible product to make your daily tasks more efficient and secure. It is beneficial to keep up to date on the latest developments for your security, as well as ease-of-use, whether it is your smartphone’s operating system or your dental practice’s scheduler. 

Protect Your Practice as Cyberattacks Increase

Dentists worldwide are facing multiple threats at this time, and cybersecurity is one of them. Cyberattacks have risen by 37% in one month, as cited by Phil Muncaster at the Infosecurity Group.

Hospitals have been experiencing international ransomware attacks from hackers taking advantage of the current situation. When hospitals are unable to access their data and applications, the treatment process is delayed, thus putting patients directly at risk. Hospitals and other healthcare providers, including dentists, are particularly a high-risk group for ransomware, phishing, and cyberattacks. This week, we are doubling down on data security to make sure that your practice data is protected in this difficult time.

Educate Your Employees

Our last few blog posts mentioned using some extra free time as a chance to educate yourself and your employees on some important aspects of your practice, such as maintaining security. Ensure that anyone who accesses the company emails or social media outlets is very cautious when receiving any messages from unknown senders, particularly with enclosed links. Oftentimes it is best not to open emails and messages from unknown senders if they were not expected or seem irrelevant. If employees do open the email, reinforce that they need to be very sure any links can be trusted prior to clicking them. If you or your employees have suspicions about an email, it is likely in your best interest to delete the email and/or block the sender for your safety.

Have The Right Systems in Place

Take all measures to protect your practice’s data, and ensure your patients’ security. Best practices include having strong passwords and changing them regularly, such as every few months. 

Be aware of the security measures that you should take if your data is threatened. For instance, mitigate the threat that ransomware poses to your practice by doing regular backups on your practice’s local server, or consider a cloud-based server that automatically backs up your practice’s data. This way, if your confidential practice data is infected, you can restore the information from your most recent unaffected backup.
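One way to tell which backup is the "most recent unaffected" one is to record a hash manifest when each backup is taken and check the backup against it before restoring. The following is an added example, not code from the original post; the function names, dated labels and file names are hypothetical, and the manifest is assumed to be kept separately from the backup itself.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    manifest = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                digest.update(chunk)
        manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest


def verify_backup(root, manifest):
    """Return a sorted list of differences between a backup and its manifest."""
    current = build_manifest(root)
    problems = []
    for name, expected in manifest.items():
        if name not in current:
            problems.append(f"missing: {name}")
        elif current[name] != expected:
            problems.append(f"modified: {name}")
    problems += [f"unexpected: {name}" for name in current if name not in manifest]
    return sorted(problems)


def most_recent_unaffected(backups):
    """backups: iterable of (label, root, manifest); labels are ISO dates.

    Walk from newest to oldest and return the first label that still
    matches the manifest recorded when the backup was taken.
    """
    for label, root, manifest in sorted(backups, key=lambda b: b[0], reverse=True):
        if not verify_backup(root, manifest):
            return label
    return None


def demo():
    """Constructed data: two dated backups, the newer one altered afterwards."""
    with tempfile.TemporaryDirectory() as tmp:
        backups = []
        for label in ("2024-01-01", "2024-01-02"):
            root = Path(tmp) / label
            root.mkdir()
            (root / "patients.db").write_bytes(b"constructed records " + label.encode())
            (root / "schedule.csv").write_text("09:00,checkup\n")
            backups.append((label, root, build_manifest(root)))
        # Simulate the newer copy being overwritten and renamed after the fact.
        newest_root, newest_manifest = backups[-1][1], backups[-1][2]
        (newest_root / "patients.db").write_bytes(b"\x00 unreadable content")
        (newest_root / "patients.db").rename(newest_root / "patients.db.locked")
        return verify_backup(newest_root, newest_manifest), most_recent_unaffected(backups)


if __name__ == "__main__":
    problems, restore_from = demo()
    print(problems)
    print("restore from:", restore_from)
```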

Having a plan is key for bouncing back from a cyberattack quickly. Just like your practice has emergency evacuation routes for office fires, being prepared for a cyberattack puts you one step ahead of the potential hacker in the event it takes place. Unfortunately, during these unprecedented times, organizations are even more at risk because there are multiple safety concerns. 

The switch to remote work has created an opportunity for cybercrime, but that can be combated with proper security measures and education to make sure any staff who are regularly checking emails or managing communications stay aware and alert.

We hope you are staying safe and healthy at home, and are using the resources available for yourself and your community at this time.

4 Ways Dental Clinics Can Improve Security Awareness

Most dentists I know have dozens of things to keep track of even on the slowest day, and it’s not surprising that cyber security is often far down the list of concerns of the clinics that I talk to.   

Unfortunately, cyber criminals seem to be taking advantage of this situation: cyber attacks now impact hundreds of dental offices in the United States alone every year. In some cases, these attacks are so devastating that they cause clinics to close for an extended period while they prepare to start seeing patients again.  

Fortunately, protecting yourself from common forms of cybercrime like phishing, malware, and ransomware is fairly straightforward, if you have the right software and a staff trained to recognize potential threats.  

Here are four ways you can improve security and training at your clinic this year.   

1. Make Cyber Security Part of Your Practice

We all have a tendency to believe that things like cyber attacks won’t happen to us. Psychologists call this the “optimism bias”. And while it makes it easier for us to go through life, it can also leave us vulnerable.

Countering optimism bias requires that you train your workers to view cyber threats not as something that could theoretically happen, but as something they should be on the lookout for every day.

Normalizing cyber security routines that require weekly check-ins and following digital best practices are the first steps you should take to guide your staff to be more aware of the danger of cyber attacks.  

2. Help Your Employees Recognize the Risks

Phishing is a form of cybercrime in which targets are contacted through text, email, or by phone with the phisher posing as a legitimate institution. Phishing scams will take advantage of this familiarity in order to pry sensitive data such as banking and credit card info, passwords, or answers to security questions. 

Here are some of the most common signs that you might be dealing with a phishing scam: 

  • Requests for personal financial information 
  • Poor grammar and bad spelling 
  • Threatening language (e.g. “Your account will be closed if you don’t act now!”) 
  • Suspicious links (e.g. nonsense links, or links to misleading domain names) 
  • Unrecognized senders 

To avoid falling victim to phishing scams, be wary of messages that carry a false sense of urgency and ignore any links you may be asked to follow. Remember, your bank or any other professional institution will never ask you to login by phone or by following prompts other than the ones you’ve used in the past.  

You should also be aware that criminals are constantly developing new viruses and attack methods in order to continue attacking the vulnerable. Cyber criminals have been using email as a vector for infecting computer systems with malware and ransomware for years, but they have also started to use social media apps like WhatsApp, Facebook, and iMessage to launch their attacks.

Ransomware is a method of cybercrime where malicious software or malware is designed to deny a company access to their own servers or internal systems until a ransom is paid. Ransomware can be a follow-up attack to a phishing attempt and can be devastating for mid-sized, data-based companies like dental clinics. 

To avoid succumbing to this form of attack, be sure to continually update your computer Operating System (OS) and anti-virus software with the latest patches and do not click on links or open any attachments sent in unsolicited email. Most of us are fairly trusting and scammers use this behaviour against us by sending emails that can seem legitimate or harmless. Train your staff to recognize these warning signs, and report any unusual messages.   

3. Make Regular Backups Part of Your Routine

It’s not always possible to avoid cyber attacks altogether, so it’s also important to ensure that you’ll be able to bounce back quickly if the worst does happen.  

Dental clinics need to keep track of huge amounts of data, the loss of which can be absolutely disastrous. For this reason, you should make regular backups a mainstay of your routine.  

Look for sophisticated cloud storage solutions that automate backups and come with expert support, so that if the worst does happen, you’ll be ready to pick up where you left off.  

4. Use Software that Enhances Cyber Security Capabilities

When you’re looking for software solutions that can help you make cyber security easier and more efficient for your employees, you should look for tools that will mesh well and supplement your anti-virus software for additional protection. Solutions such as ABEL Guard (AppGuard with ABEL’s dental specific templates) prevent new viruses from harming your system until your anti-virus software is updated to eliminate those viruses.

Also consider switching to a dental cloud server based platform that by default will provide maximum protection against cyberattacks since practice data is stored in and accessed from secure cloud servers – an added benefit is that automated continuous data backups are always current should your practice data ever need to be restored for any reason.

In conclusion:

It is best to be proactive and stay one step ahead of cyber criminals as much as possible. Make sure you have antivirus and additional security software for maximum protection, and that you have employed a cloud-based backup system to limit any negative effects should you be hit by an attack.

During my time at ABEL, I have become convinced that a combination of the right tools and the right training can make all the difference when it comes to keeping your clinic safe from attacks. Get in touch with us today if you want to learn more about how we can help you improve your security and security awareness.  

Dental Software Development: Tips to Help You Communicate Better with Your Vendor

When you start up your dental practice management system at the beginning of the day, do you ever wonder how what you see on the screen ended up getting there? In short, what you are viewing is the collaborative effort of multiple team members and departments of your dental software vendor.

First there are individuals who conduct market needs analysis, gather industry intelligence, and analyze customer needs/feedback. Next, company management prioritizes the identified software requirements that will direct the software development team that produces the finished product for distribution.

This blog concentrates on the software development team and the process they follow to ensure the software they develop meets the needs of dental practices. What you learn will give you useful insight whether you are evaluating new dental software or already have a software solution.

Having a better understanding of the software development process can help you to articulate feature requests, questions and concerns more effectively. You will also gain a better understanding of where your ongoing investment in dental software goes!

The Dental Software Development Process

Have you ever requested a new feature or improvement to an existing feature and wondered why you can’t always get a definitive answer about if and when it can be completed? This is because there are normally a number of changes and new features already planned for the next software update as well as a series of steps that must take place when adding any new feature.

Here are the “best practices” that dental software developers typically follow to ensure delivery of a quality software solution:

1. Requirement gathering and analysis: Dental practice feature requirements are gathered in this phase based on vendor prior experience, market research, competitive analysis and most importantly, customer feedback. The objective of each feature under consideration must be clearly defined as well as the required data inputs and outputs. Assuming a feature request is deemed beneficial to a critical mass of customers, a Requirement Specification document is created which serves as a guideline for the next development phase.

2. System Design: In this phase, the feature’s functional design is prepared from the Requirement Specification document. System Design helps break down the specific requirements and identify how they fit into the overall system architecture. In this phase, the Testers define a test strategy that specifies what to test in the system design and how.

3. Coding: Upon completion of the system design documents, the work is divided into logical modules and actual program coding is started. This may involve more than one Programmer and is typically the longest phase of the software development life cycle.

4. Testing: After the code is developed it is tested against the requirements to make sure that the product is meeting the needs that were defined during the requirements phase.

5. Deployment: Following successful internal testing, an “alpha” version incorporating the new feature/s is deployed to a select group of customers who have agreed, with the understanding that issues may arise, to report their experience. Further changes to the update may be required to address the reported issues. A “controlled release” (beta version) of the update is then provided to a wider customer group. Once the version is deemed stable, it is ready for full customer deployment.

6. Software Maintenance/Updates: The best software is continually evolving and improving – never static. Consequently, software vendors periodically deliver new, improved versions of their software to provide their customers with up-to-date features and integrations. This process is known as “software maintenance” and is offered under different costing models. Software support is often bundled with software maintenance plans to offer a complete service package.

Software Updates, Upgrades & Customization

There is often confusion as to what constitutes a software update, a system upgrade or a customized feature. Service updates are the first form of software updates and consist of “fixes” and/or minor enhancements to existing features as requested by customers or by Software Support team members based on their experience working with customers. 

Software Updates

Small improvements and features provided to the current version of the program are referred to as minor updates (for example version 8.4 to version 8.5). When more significant changes and new features are added to the software, it is termed a major update and correspondingly named as a new version (for example version 8.5 to version 9.0).

Software Upgrades

While an update modifies the current software product, an upgrade totally replaces it with a newer and often superior version. Upgrades are necessary when new functional demands and requirements cannot be met by simple updates and as a result, typically involve migration to a new operating system, database management system or application platform (such as cloud based).

Customized Features

A new feature that is provided to a specific customer (usually for a fee) is known as a customization as it is not part of a general software release. An example may be an integration with a third-party software for the purposes of providing workflow synergies between the two applications. Care must be taken to ensure that any customization continues to function when new versions of the dental software are released.   

Conclusion

The challenge for dental practice management software vendors has always been to take a complex product and make it as intuitive and easy to use as possible – without compromising functionality. Similarly, developing new features is not a one-time task but a continuous process software developers must follow.

New dental practice needs and technologies require dental software vendors to be nimble and have proactive systems in place to respond to change and keep their customers satisfied. By having a better understanding of the software development process, dental practices are in a better position to communicate requests to their vendor and ultimately receive the features they need on a regular basis.

Protect Yourself from the Latest Cyber Scams

At first glance, cyber security might not seem like it would be a major concern for dental clinics. After all, their focus is on providing high quality healthcare and making patients as comfortable as possible – so are they really a big target for hackers?

The answer, unfortunately, is yes: because clinics deal in so much private information, and because most clinics are relatively small operations, they have become magnets for cyber criminals looking to steal personal and financial information they can use to turn a profit.

Moreover, research shows that cyber attacks can have a devastating impact on small businesses like dental clinics. According to one study, forty-three percent of cyber attacks target small businesses, sixty percent of which fold within six months of the attack. These are risks that no dental practice can afford to take.   

Earlier this year, I wrote a blog post outlining some of the most common types of cyber attack and explaining some of the ways dental clinics can use practice management software to protect their financial records, patient files and other documents. Today, I want to follow up on that post by exploring ransomware attacks, identity theft schemes and the importance of developing a resilient strategy for weathering cyber attacks.

Ransomware: When Data Becomes a Hostage

In my previous post, I talked about phishing scams and malware that cyber criminals use to steal financial and credit card information. These types of attacks are designed to trick unsuspecting individuals into handing over personal financial information and all dental clinics should be on the lookout for them.

As mentioned in previous blogs, one type of malware – ransomware – has become particularly prominent. Unlike other forms of malware, ransomware doesn’t try to steal information from your database. Instead, it encrypts all the files on a computer’s hard drive and demands payment in return for decryption. Once you have been hit with the ransomware attack, you are forced to choose between having all of your information deleted or paying large sums of money to unlock your data.  

Ransomware is particularly dangerous because it can be difficult to track and cyber criminals are constantly adapting and tweaking their methods for delivering ransomware to your computer.

For this reason, the only real way to protect yourself from a ransomware attack is to make sure that your live data is accessed from cloud servers (rather than an on-site server) and that it gets backed up regularly in the cloud. This will ensure that your data won’t be held hostage due to unauthorized access and that you’ll have reliable copies if you ever need them.

Beware of Identity Theft Data Mining

While we often emphasize the financial costs of hacking, it is especially important for dental clinics to remember that there is another dimension to the problem: because they deal with large amounts of detailed and private information, many hackers will target clinics to mine data they can use for the purposes of identity theft. Consequently, we advise our ABELDent clients to never store sensitive information such as patient credit card numbers on their systems. 

If a cyber criminal gets hold of your patient’s clinical records, this can plunge you into a bureaucratic nightmare for failing to protect confidential healthcare information. Fines and penalties can drain your bank account and interrupt just about every aspect of your life for months on end.

At ABELDent, we have been talking for years about the importance of protecting patient information and recent legal developments only serve to underscore the importance of making sure that dental clinics are taking all necessary precautions to protect against identity theft.

Upgrading to cloud-based practice management software can make a world of difference in this regard, as it’s specifically designed to help healthcare professionals keep their patients’ data safe, while also protecting against data breaches that can lead to potentially ruinous court cases.

How Quickly Can You Bounce Back?

While it’s important to provide as many layers of protection as possible when it comes to cyber security, the chances are high that you will still be the victim of some kind of attack at some point. So, what do you do when that happens?

  1. Having a plan in place is crucial if you want to be able to bounce back quickly from a cyber attack. Evidence shows that clinics that have a system in place are usually able to get back up and running within hours, but only if they have backed their systems up properly and have protocols in place to minimize damage.
  2. Preparing your team so that they know who to call and what to do in the eventuality of a cyber attack is key if you want to make it through an attack unscathed. So take the time to train your staff on the right procedures, and make sure you are regularly backing up your data in secure ways!

Based on the cyber security outlook for 2019, we’re no closer to preventing the occurrence of cyber crime. In fact, for small businesses like dental clinics, the likelihood of being hit by some kind of cyber attack will probably only increase in the coming year. This is why it’s so important for clinics to take the necessary measures to protect themselves from attacks that can cost tens of thousands of dollars, shut them down permanently and even get them into legal trouble.

In summary, don’t take any chances with your cyber security: backup your data regularly in the cloud. Better still, use a dental practice management system that accesses your live practice data from cloud servers so that it is never stored on-site and susceptible to attacks. You will be much less susceptible to an attack and even in the unlikely event that you are hit, you can recover easily with up-to-date backups. 

How A Cloud Server Platform Can Help Your Dental Practice

Every day, dental clinics across Canada handle a lot of sensitive information. Between patient scheduling, clinical records, financial information, payroll, and co-ordination with other healthcare and insurance providers, dentists and dental hygienists need to know where to find the information they’re looking for at a moment’s notice.  

This means how and where to store information can be a major issue. As anyone who works in a dental clinic knows, the days of keeping patient files in manila folders are long gone for most – but just because clinics use computers now doesn’t mean the storage question has gone away.

As a solution, many clinics have started to backup their practice data in the Cloud. But some practices have told me that they have doubts about the Cloud’s safety. In addition, simply backing up data in the Cloud is only part of the solution and thus only mitigates part of the risk. If the data you access every day to run your practice still resides on a local server, you remain highly vulnerable to cyberattacks. To help, I’ve prepared this brief explanation of how the Cloud works and why using a cloud server is the more secure option for accessing and backing up your dental practice data.

What is the Cloud, Anyway?

In a nutshell, it means that rather than storing and accessing your data from an on-site (local) server, it is stored on powerful offsite servers (known as cloud servers) and accessed via the internet. Depending on the application, it may also be stored and accessed from the cloud server. Cloud computing has been around since the 1960s but it’s only in recent years that cloud computing and cloud storage have become widely available. This shift happened when companies like Microsoft, Amazon and Google started marketing cloud storage services to businesses and the public.

Chances are, you already use cloud services a lot more than you think – your last Netflix bingeing session of Stranger Things wouldn’t be possible without this technology. But some dental practice owners are still reluctant to access their records from the Cloud and store backups there because they worry that the Cloud is less secure than storing information on their own computers. But are these concerns actually warranted?

Is the Cloud Server Platform Safe?

The short answer to this question is yes – not only is the Cloud safe, but it actually offers more security than other data access, backup and storage methods.

When you store all of your live data on-site, there are a number of risks. Because your data is literally being stored on hard drives in your office, all someone needs to do is remove the hard drives and all the information stored on them will be lost. Even if you have kept a backup of your data on a separate storage medium, it will only be as up to date as the last time you did a backup. Furthermore, you have no way of knowing if your backup is valid. As a result, on-site data access and storage represents a huge vulnerability for any dental practice.

On-site storage also exposes your data to potential accidents or natural disasters. For example, with offices that experience floods or fires, there is a very real possibility that many years’ worth of information will be lost – particularly if backups are stored on-site as well. The old adage about not putting all your eggs in one basket definitely applies here.

Will a Cloud Platform Affect How My Dental Practice Accesses Files?

Yes and no. When you use cloud servers to store your information, you are taking an important step toward preventing theft and loss of data. But this doesn’t mean it will be more difficult to access.

Not only do cloud server solutions store client information more securely, coupled with data encryption, they enable secure integrated, automated, patient communication solutions. These provide a safe and efficient means of information exchange between the practice and patients via email and text, particularly for appointment reminders and confirmation.

Another advantage of cloud computing is convenience: because data is stored in the Cloud rather than on local hard drives, your team members can access information from anywhere, on almost any device. And should there be a data security breach, access devices are not affected. If your workstations are damaged in a natural disaster or fire, all your information is already safely backed up remotely in the Cloud.

For these reasons, cloud-based practice management software is rapidly becoming the platform of choice for dental practices.

Don’t take any chances with your patients’ data; consider switching over to a cloud server solution specifically designed for use by dental practices. If you decide to stay with a local server solution for data storage, at the very least, make sure your practice data is regularly backed up in the cloud.

How Web-based Dental Solutions Protect Against Cyberscamming

Dental clinicians and practitioners face a unique set of challenges day in and day out, from ensuring patient satisfaction to staying on top of technological advancements in the field to maintaining a steady income stream in an increasingly competitive environment.

But a dental practice also faces the hurdle of keeping its staff and patients connected, which exposes them to an altogether different struggle – that of keeping data secure in an age when scammers are working harder than ever to compromise patient information.

The protection and organization of data is a serious matter, and so I’m starting the new year by bringing you up to speed on the rise of phishing and other cyberscamming attempts.

Below, I discuss recent scams both in and out of the field of dentistry, and provide some tactics to help you defend yourself.

Gone Phishing

Phishing is the act of impersonating legitimate companies through email or phone contact in an attempt to lure staff or consumers themselves into divulging private, personal information.

Emails will often ask for login credentials and other personal info to solve a vague but urgent problem. Scammers go to great lengths to make the request seem legitimate, which works to build a false sense of security in victims.

The CRA Scam

Consider the recent CRA scam that has already affected 4,000 victims who have lost more than $15 million. This scam takes the form of a call from someone claiming to be from the Canada Revenue Agency, who then threatens victims with arrest for owing back taxes. The scammers will often demand payment in the form of gift cards, cybercurrency, wire transfers or other unorthodox methods of payment.

Up the Amazon Without a Paddle

Meanwhile, the RCMP are issuing warnings about a phishing scam targeting Amazon customers. The police warn about emails sent to customers regarding purchases they never made, complete with receipts of purchase and shipping addresses. By clicking on the ‘details’ button, emails direct victims to a fake Amazon login page that then attempts to steal credit card information.

Cyberscams with Teeth

The dental industry is not impervious to these threats, either. In 2015, an Oregon dental services company reported that a hacker had breached their system, accessing the information of more than 151,000 patients. The pinched data included patient names, social security numbers, phone numbers and addresses, as well as birth dates.

The hackers leveraged malware in order to obtain an employee’s username and password which gave them access to the company’s membership database.

Protect Yourself

I can hear you asking, how do I protect myself against these threats? If you want to keep your personal or financial records safe from scammers, this simple but effective list of considerations will really help keep your info safe from compromise.

  • Don’t reply to any email that requests you to enter your personal or financial information
  • Check the hyperlink by hovering your mouse over the link to verify the address. If the email claims to be coming from Aeroplan, verify that the site is indeed Aeroplan.com or .ca
  • Contact your bank or financial institution immediately if the email or phone call claims that you owe money. Banks compile info on these scams and reporting the incident can help bring down the predators
  • Get in touch with Equifax or TransUnion to place a fraud alert on your name if you suspect you might be the victim of attempted identity theft

If you run a dental practice, and you’re worried about keeping your financial records, patient files, schedules, and other documents secure, it pays to partner with a company that understands the nuances of cybercrime.

Servers aren’t always secure, and the staff at your digital dental office are only human and can fall for sophisticated phishing scams, so it pays to add another layer of defence. Services are available that offer safe encryption of your data and advanced cloud storage. Data is protected from attacks and can quickly be restored from up-to-date backups if necessary.

If you feel that you are the target of a cyberscam, take your time and remember to be cautious. When dealing with any company, including a government agency like the CRA, you have the right to request written information, ask for a call back number, and demand time to think over the situation. A real company will be trying to solve a problem, and will show patience. Scammers around the world are all the same – they will want to part you from your money as soon as possible.

And if you run a dental practice, remember that safe, reliable web-based dental solutions are available and are increasingly becoming the platform of choice.

An innocent-looking email can play serious tricks on your Dental Practice.

Every year about this time, our Social Committee starts revving up the excitement about our annual Halloween costume contest. Thoughts turn to the ghoulish and creepy, but to me, there’s nothing more off-putting than cybercrime. Especially when it comes to attacking dental practice data, ransomware tops the nasty list.

The stress, expense and loss of revenue are only part of the problem. Consider patient safety, potential breach exposure, government fines, tarnished reputations and governing body reprimands… the risks are immense.

With all the precautionary information circulating about data protection and software security, one might expect hacking thievery to be on the decline. Not so. It is actually reported to be on the rise!

I was shocked to hear just a couple of weeks ago about an alarming data hostage situation at the City of Midland, about an hour’s drive north of Toronto. A data hack and ransom demand affected the City’s computer operations, leaving the population of 16,000 without access to a number of important services. The City paid the bitcoin ransom for the decryption key and was back in business in two days.

Earlier this year, the City of Atlanta suffered devastating and expensive damage at the hands of a cyber attacker. Reportedly, decades of documents were lost and the City is still racking up millions in restoration costs, in addition to the $2 million just to fix the original problem caused by the hack.

We seem to be learning the hard way that no business is off limits to hackers who want to rake in easy money. And the anonymity of cryptocurrency is making them more difficult to catch. As an ounce of prevention, I’m re-posting my list of security measures and recommend that you share it within your dental practice as a reminder:

  1. Use a reputable email service provider with both anti-virus and anti-malware security built in. A good email product has layers of filtering to block, quarantine or eliminate bad files from ever reaching the desktop.
  2. Secure a personalized domain for your practice (name@PracticeName.com).
  3. Train yourself and your staff to recognize the warning signs of non-legitimate emails:

     – an email is unexpected and the sender name not recognized
     – there are obvious spelling, grammar and language mistakes
     – a legitimate company logo is mimicked, appears warped, blurred, stretched, etc.
     – a different URL appears if you hover your mouse over the “From” address or link
     – the subject does not make sense in the context of your business/practice

  4. Never follow unknown or suspicious links.
  5. Do not open attachments from an unknown sender, or if any aspect of the email seems strange. Examine zip files carefully; do not open .exe files. When in doubt, verify with the sender.
  6. Be wary about websites visited. Ensure all users stay on legitimate business sites, not distracted by ads, banners and pop-ups.
  7. Have at least two backups. Rotate daily and weekly backup files. Keep one offsite to protect your data from physical threats like fire, theft, or flood. Backups MUST be encrypted and you MUST safeguard the encryption key (password to decrypt).
  8. Have the backup data verified quarterly. This is like simulating a disaster; restoring your data from the backup to make sure that it works! Simply checking the backup notification is not data verification.
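The restore test described in the last item can be scripted. This is an added sketch, not the vendor's tooling: it assumes the backup is a zip archive that has already been decrypted, and the function names, file names and sample data are constructed for illustration.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path

def manifest(root):
    """Map each file's relative path to its SHA-256 for the tree under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def make_backup(source, archive):
    """Zip the source tree and return the manifest recorded at backup time."""
    source = Path(source)
    with zipfile.ZipFile(archive, "w", zipfile.ZIP_DEFLATED) as z:
        for p in sorted(source.rglob("*")):
            if p.is_file():
                z.write(p, p.relative_to(source).as_posix())
    return manifest(source)

def verify_backup(archive, expected):
    """Restore into a scratch directory and compare with the recorded manifest.
    Returns a list of problems; an empty list means the restore test passed."""
    try:
        with tempfile.TemporaryDirectory() as scratch:
            with zipfile.ZipFile(archive) as z:
                z.extractall(scratch)
            restored = manifest(scratch)
    except (zipfile.BadZipFile, OSError) as exc:
        return [f"archive unreadable: {exc}"]
    problems = [f"missing: {n}" for n in expected if n not in restored]
    problems += [f"changed: {n}" for n in expected
                 if n in restored and restored[n] != expected[n]]
    return problems

def demo():
    """Constructed data: test a good, an incomplete and a truncated archive."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work, "practice_data")
        (src / "charts").mkdir(parents=True)
        (src / "schedule.csv").write_text("2024-01-02,09:00,recall\n")
        (src / "charts" / "p001.txt").write_text("constructed sample chart\n")
        good, partial, damaged = (Path(work, n) for n in ("good.zip", "partial.zip", "damaged.zip"))
        expected = make_backup(src, good)
        with zipfile.ZipFile(partial, "w") as z:       # backup that skipped a folder
            z.write(src / "schedule.csv", "schedule.csv")
        damaged.write_bytes(good.read_bytes()[:40])    # truncated copy
        return [verify_backup(a, expected) for a in (good, partial, damaged)]
```

All three archives exist on disk, which is all a "backup completed" notification confirms; only the restore and comparison separates the usable one from the other two.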

If you haven’t already spoken to us about protection, backup, data verification and recovery, click here to learn more and take action right away. Malware is everywhere and does not limit its ghoulish behaviour to one day in October.

If your practice has managed to avoid cyber threats and ransomware, outfit your IT team with superhero capes! Pamper them with some caramels and candy apples. Then treat them to this blog post to reinforce the importance of keeping up the good work.

Healthcare Data Security Statistics that May Surprise You

Have you noticed the influx of Updated Privacy Policy notifications in your inbox?

Companies in the European Union – and any company anywhere with EU customers – are scrambling to meet the General Data Protection Regulation (GDPR) compliance deadlines. It’s just a matter of time before stricter privacy control legislation is imposed in other parts of the world.

The protection of personal data is an increasingly hot topic. With every news report of lost, stolen or hacked data, we all become a little more uneasy. Businesses ramp up their focus on protecting their clients, and customers focus on themselves.

With recent high-profile breaches of protected health information (PHI) at companies like Anthem and Allscripts, consumers are more worried than ever about their personal data being compromised. It seems to be a double-edged sword. Consumers are wary of sharing personal information – financial and health-related data top the list. Yet as patients, we expect health professionals to have complete access to our health profiles and background in order to make critical diagnoses, quickly.

The very nature of this information makes the healthcare industry a prime and profitable target for criminals. As you would expect, data security for the users of our dental and medical practice management software has always been a priority.

So naturally, I was intrigued by the findings of Verizon’s 2018 Protected Health Information (PHI) Data Breach Report. I came across a recent article by Suzanne Widup of Verizon’s Security Research Team summarizing findings from 1,368 incidents within the healthcare sector covering 27 countries. Interestingly…

  • 58% of incidents involved insiders. Whether driven by financial gain, such as tax fraud or opening lines of credit with stolen information (48%); curiosity in looking up the personal records of celebrities or family members (31%); or simple convenience (10%), poor internal controls pose a major threat to an organization.
  • 70% of incidents involving malicious code within the healthcare sector were ransomware infections.
  • 27% of incidents related to PHI printed on paper. Cyber hacking may be in the news, but it seems real breach activity can also be found in the paper trail. Mailed or faxed prescription information, billing statements, copies of ID and insurance cards… these printed documents are commonly mis-delivered, lost or thrown away without shredding.
  • 21% of incidents involved lost and stolen laptops containing unencrypted PHI.

At ABELSoft, our Privacy and Security Specialists are intimately involved at every step of product development and quality control. They champion control and vigilance with internal stakeholders as well as with every software user. Here are several short- and long-term measures suggested by Verizon and by our internal team to lessen the risk of some of these challenges.

a. Full Disk Encryption provides an effective and relatively low-cost method of keeping data out of the hands of criminals.

b. Integrated controls (like ABELSoft’s Authorization Manager, for example) define user roles and access requirements.

c. Documented policies and procedures that mandate routine monitoring of internal access demonstrate commitment to vigilance and repercussions.

d. Staff education regarding these policies is critical.

e. Preventive controls for defending against malware installation are key, as is minimizing the impact that ransomware could have against your network.

f. Unfortunately, ransomware attacks will not always be prevented. There are cases where protective technology gets breached and humans get misled. Good backups become the only recourse when preventative measures fail (other than paying the ransom or starting over, which are both unacceptable solutions).

g. Practices should work towards a reduction of paper-based PHI in their environments, and establish a holistic risk management program that protects not only ePHI, but also other sensitive data that they store and process.

As much as we like to think that we have become cyber-aware and digitally vigilant, we know that hackers and sophisticated criminals will try to get past our defenses. We cannot assume that our team members intuitively understand the importance of privacy and security of healthcare data. They must be educated, reminded and monitored to make sure that you remain the reader of cybercrime news reports… and not the subject.

Read the 2018 Protected Health Information Data Breach Report


Going Cloud: Three Common Myths Busted

The more I discuss cloud computing with dental practitioners, the more I recognize that there’s as much disinformation floating around as there are facts you can count on.

Moving to a cloud-hosted model is a big decision. Most companies choose it for business agility and cost savings. But there are drawbacks to consider. That’s why ABELDent now features a hybrid solution: Our practice management software users can enjoy all the advantages while minimizing the risk.

To help you separate fact from fiction and support any level of migration to the cloud, I thought it might be helpful to share the truth about the most common myths:

  1. If our data moves to the cloud, our business will no longer have control over our technology. Not so! You still have total control over technology, but your IT department won’t have to worry about constant updates. The time they’re now spending on maintenance and software upgrades will be significantly reduced, allowing them to focus on advancing your organization’s technology and business operations.

    Instead of spending your capital budget on servers, you can think strategically about reinvesting those funds into growth initiatives. (Hmm… what else could I do with those savings?)

  2. Keeping our data on premise is safer than in the cloud. Not so! It’s becoming increasingly clear that companies are routinely hacked without ever knowing it. Your practice may have a security expert, or use the services of a third-party professional. However, most companies can rarely assemble a team large enough to uncover and protect against the hundreds of possible alerts that come through each day.

    Cloud data centres like Microsoft Azure – our proven choice – are singularly focused on security and built with scale in mind. A dedicated team maintains security at the pinnacle of industry standards, using a wide range of processes and regulatory compliance expertise, to prevent, detect and mitigate breaches.

  3. Corporate spies, cyber thieves and governments will have access to my data if it is in the cloud. Not so! This is a top fear about the cloud among many businesses, but it is unfounded. It’s your data, not anyone else’s. You determine access and options, rights and privacy restrictions. Strict controls and design elements prevent your data from mingling with that of other organizations. Physical access to data centres is secured and monitored continuously, and all data centre staff must follow stringent data access protocols.

    A respected provider like MS Azure guarantees that your data will not be mined for advertising or for any purpose other than providing services you have paid for. If you choose to leave the service, you take your data with you.

The more I learn, the more the benefits of cloud computing make solid business sense, especially within the context of our hybrid solution for dental practitioners. As always, we’ve dedicated our development resources to making sure we address the needs, concerns and real-world priorities of our users. Read more about our Best of Both Worlds solution. And please share this with any colleagues who need help separating fact from fiction when it comes to the cloud. It’s good to be on the same page: You’ll save time by not having to argue about these myths.