Protect Yourself from the Latest Cyber Scams

At first glance, cyber security might not seem like it would be a major concern for dental clinics. After all, their focus is on providing high quality healthcare and making patients as comfortable as possible – so are they really a big target for hackers?

The answer, unfortunately, is yes: because clinics deal in so much private information, and because most clinics are relatively small operations, they have become magnets for cyber criminals looking to steal personal and financial information they can use to turn a profit.

Moreover, research shows that cyber attacks can have a devastating impact on small businesses like dental clinics. According to one study, forty-three percent of cyber attacks target small businesses, sixty percent of which fold within six months of the attack. These are risks that no dental practice can afford to take.   

Earlier this year, I wrote a blog post outlining some of the most common types of cyber attack and explaining some of the ways dental clinics can use practice management software to protect their financial records, patient files and other documents. Today, I want to follow up on that post by exploring ransomware attacks, identity theft schemes and the importance of developing a resilient strategy for weathering cyber attacks.

Ransomware: When Data Becomes a Hostage

In my previous post, I talked about phishing scams and malware that cyber criminals use to steal financial and credit card information. These types of attacks are designed to trick unsuspecting individuals into handing over personal financial information and all dental clinics should be on the lookout for them.

As mentioned in previous blogs, one type of malware – ransomware – has become particularly prominent. Unlike other forms of malware, ransomware doesn’t try to steal information from your database. Instead, it encrypts all the files on a computer’s hard drive and demands payment in return for decryption. Once you have been hit with a ransomware attack, you are forced to choose between having all of your information deleted or paying large sums of money to unlock your data.

Ransomware is particularly dangerous because it can be difficult to track and cyber criminals are constantly adapting and tweaking their methods for delivering ransomware to your computer.

For this reason, the only real way to protect yourself from a ransomware attack is to make sure that your live data is accessed from cloud servers (rather than an on-site server) and that it gets backed up regularly in the cloud. This will ensure that your data won’t be held hostage due to unauthorized access and that you’ll have reliable copies if you ever need them.

Beware of Identity Theft Data Mining

While we often emphasize the financial costs of hacking, it is especially important for dental clinics to remember that there is another dimension to the problem: because they deal with large amounts of detailed and private information, many hackers will target clinics to mine data they can use for the purposes of identity theft. Consequently, we advise our ABELDent clients to never store sensitive information such as patient credit card numbers on their systems. 

If a cyber criminal gets hold of your patient’s clinical records, this can plunge you into a bureaucratic nightmare for failing to protect confidential healthcare information. Fines and penalties can drain your bank account and interrupt just about every aspect of your life for months on end.

At ABELDent, we have been talking for years about the importance of protecting patient information and recent legal developments only serve to underscore the importance of making sure that dental clinics are taking all necessary precautions to protect against identity theft.

Upgrading to cloud-based practice management software can make a world of difference in this regard, as it’s specifically designed to help healthcare professionals keep their patients’ data safe, while also protecting against data breaches that can lead to potentially ruinous court cases.

How Quickly Can You Bounce Back?

While it’s important to provide as many layers of protection as possible when it comes to cyber security, the chances are high that you will still be the victim of some kind of attack at some point. So, what do you do when that happens?

  1. Having a plan in place is crucial if you want to be able to bounce back quickly from a cyber attack. Evidence shows that clinics that have a system in place are usually able to get back up and running within hours, but only if they have backed their systems up properly and have protocols in place to minimize damage.
  2. Preparing your team so that they know who to call and what to do in the eventuality of a cyber attack is key if you want to make it through an attack unscathed. So take the time to train your staff on the right procedures, and make sure you are regularly backing up your data in secure ways!

Based on the cyber security outlook for 2019, we’re no closer to preventing the occurrence of cyber crime. In fact, for small businesses like dental clinics, the likelihood of being hit by some kind of cyber attack will probably only increase in the coming year. This is why it’s so important for clinics to take the necessary measures to protect themselves from attacks that can cost tens of thousands of dollars, shut them down permanently and even get them into legal trouble.

In summary, don’t take any chances with your cyber security: back up your data regularly in the cloud. Better still, use a dental practice management system that accesses your live practice data from cloud servers so that it is never stored on-site and susceptible to attacks. You will be much less susceptible to an attack and even in the unlikely event that you are hit, you can recover easily with up-to-date backups.

How A Cloud Server Platform Can Help Your Dental Practice

Every day, dental clinics across Canada handle a lot of sensitive information. Between patient scheduling, clinical records, financial information, payroll, and co-ordination with other healthcare and insurance providers, dentists and dental hygienists need to know where to find the information they’re looking for at a moment’s notice.  

This means how and where to store information can be a major issue. As anyone who works in a dental clinic knows, the days of keeping patient files in manila folders are long gone for most – but just because clinics use computers now doesn’t mean the storage question has gone away.

As a solution, many clinics have started to back up their practice data in the Cloud. But some practices have told me that they have doubts about the Cloud’s safety. In addition, simply backing up data in the Cloud is only part of the solution and thus only mitigates part of the risk. If the data you access every day to run your practice still resides on a local server, you remain highly vulnerable to cyberattacks. To help, I’ve prepared this brief explanation of how the Cloud works and why using a cloud server is the more secure option for accessing and backing up your dental practice data.

What is the Cloud, Anyway?

In a nutshell, it means that rather than storing and accessing your data from an on-site (local) server, it is stored on powerful offsite servers (known as cloud servers) and accessed via the internet. Depending on the application, it may also be stored and accessed from the cloud server. Cloud computing has been around since the 1960s but it’s only in recent years that cloud computing and cloud storage have become widely available. This shift happened when companies like Microsoft, Amazon and Google started marketing cloud storage services to businesses and the public.

Chances are, you already use cloud services a lot more than you think – your last Netflix bingeing session of Stranger Things wouldn’t be possible without this technology. But some dental practice owners are still reluctant to access their records from the Cloud and store backups there because they worry that the Cloud is less secure than storing information on their own computers. But are these concerns actually warranted?

Is the Cloud Server Platform Safe?

The short answer to this question is yes – not only is the Cloud safe, but it actually offers more security than other data access, backup and storage methods.

When you store all of your live data on-site, there are a number of risks. Because your data is literally being stored on hard drives in your office, all someone needs to do is remove the hard drives and all the information stored on them will be lost. Even if you have kept a backup of your data on a separate storage medium, it will only be as up to date as the last time you did a backup. Furthermore, you have no way of knowing if your backup is valid. As a result, on-site data access and storage represents a huge vulnerability for any dental practice.

On-site storage also exposes your data to potential accidents or natural disasters. For example, with offices that experience floods or fires, there is a very real possibility that many years’ worth of information will be lost – particularly if backups are stored on-site as well. The old adage about not putting all your eggs in one basket definitely applies here.

Will a Cloud Platform Affect How My Dental Practice Accesses Files?

Yes and no. When you use cloud servers to store your information, you are taking an important step toward preventing theft and loss of data. But this doesn’t mean it will be more difficult to access.

Not only do cloud server solutions store client information more securely; coupled with data encryption, they also enable secure, integrated, automated patient communication solutions. These provide a safe and efficient means of information exchange between the practice and patients via email and text, particularly for appointment reminders and confirmation.

Another advantage of cloud computing is convenience: because data is stored in the Cloud rather than on local hard drives, your team members can access information from anywhere, on almost any device. And should there be a data security breach, access devices are not affected. If your workstations are damaged in a natural disaster or fire, all your information is already safely backed up remotely in the Cloud.

For these reasons, cloud-based practice management software is rapidly becoming the platform of choice for dental practices.

Don’t take any chances with your patients’ data; consider switching over to a cloud server solution specifically designed for use by dental practices. If you decide to stay with a local server solution for data storage, at the very least, make sure your practice data is regularly backed up in the cloud.

How Web-based Dental Solutions Protect Against Cyberscamming

Dental clinicians and practitioners face a unique set of challenges day in and day out, from ensuring patient satisfaction to staying on top of technological advancements in the field to maintaining a steady income stream in an increasingly competitive environment.

But a dental practice also faces the hurdle of keeping its staff and patients connected, which exposes them to an altogether different struggle – that of keeping data secure in an age when scammers are working harder than ever to compromise patient information.

The protection and organization of data is a serious matter, and so I’m starting the new year by bringing you up to speed on the rise of phishing and other cyberscamming attempts.

Below, I discuss recent scams both in and out of the field of dentistry, and provide some tactics to help you defend yourself.

Gone Phishing

Phishing is the act of impersonating legitimate companies through email or phone contact in an attempt to lure staff or consumers themselves into divulging private, personal information.

Emails will often ask for login credentials and other personal info to solve a vague but urgent problem. Scammers go to great lengths to make the request seem legitimate, which works to build a false sense of security in victims.

The CRA Scam

Consider the recent CRA scam that has already affected 4,000 victims who have lost more than $15 million. This scam takes the form of a call from someone claiming to be from the Canada Revenue Agency, who then threatens victims with arrest for owing back taxes. The scammers will often demand payment in the form of gift cards, cybercurrency, wire transfers or other unorthodox methods of payment.

Up the Amazon Without a Paddle

Meanwhile, the RCMP are issuing warnings about a phishing scam targeting Amazon customers. The police warn about emails sent to customers regarding purchases they never made, complete with receipts of purchase and shipping addresses. By clicking on the ‘details’ button, emails direct victims to a fake Amazon login page that then attempts to steal credit card information.

Cyberscams with Teeth

The dental industry is not impervious to these threats, either. In 2015, an Oregon dental services company reported that a hacker had breached their system, accessing the information of more than 151,000 patients. The pinched data included patient names, social security numbers, phone numbers and addresses, as well as birth dates.

The hackers leveraged malware in order to obtain an employee’s username and password which gave them access to the company’s membership database.

Protect Yourself

I can hear you asking, how do I protect myself against these threats? If you want to keep your personal or financial records safe from scammers, this simple but effective list of considerations will really help keep your info safe from compromise.

  • Don’t reply to any email that requests you to enter your personal or financial information
  • Check the hyperlink by hovering your mouse over the link to verify the address. If the email claims to be coming from Aeroplan, verify that the site is indeed Aeroplan.com or .ca
  • Contact your bank or financial institution immediately if the email or phone call claims that you owe money. Banks compile info on these scams and reporting the incident can help bring down the predators
  • Get in touch with Equifax or TransUnion to place a fraud alert on your name if you suspect you might be the victim of attempted identity theft

If you run a dental practice, and you’re worried about keeping your financial records, patient files, schedules, and other documents secure, it pays to partner with a company that understands the nuances of cybercrime.

Servers aren’t always secure, and your digital dental office staff are only human and are not invulnerable to sophisticated phishing scams, so it pays to add another layer of defence. Services are available that offer safe encryption of your data and advanced cloud storage. Data is protected from attacks but can quickly be restored with up-to-date backups if necessary.

If you feel that you are the target of a cyberscam, take your time and remember to be cautious. When dealing with any company, including a government agency like the CRA, you have the right to request written information, ask for a call back number, and demand time to think over the situation. A real company will be trying to solve a problem, and will show patience. Scammers around the world are all the same – they will want to part you from your money as soon as possible.

And if you run a dental practice, remember that safe, reliable web-based dental solutions are available and becoming increasingly the platform of choice.

 

An innocent-looking email can play serious tricks on your Dental Practice.

Every year about this time, our Social Committee starts revving up the excitement about our annual Halloween costume contest. Thoughts turn to the ghoulish and creepy, but to me, there’s nothing more off-putting than cybercrime. Especially when it comes to attacking dental practice data, ransomware tops the nasty list.

The stress, expense and loss of revenue are only part of the problem. Consider patient safety, potential breach exposure, government fines, tarnished reputations and governing body reprimands… the risks are immense.

With all the precautionary information circulating about data protection and software security, one might expect hacking thievery to be on the decline. Not so. It is actually reported to be on the rise!

I was shocked to hear just a couple of weeks ago about an alarming data hostage situation at the City of Midland, about an hour’s drive north of Toronto. A data hack and ransom demand affected the City’s computer operations, leaving the population of 16,000 without access to a number of important services. The City paid the bitcoin ransom for the decryption key and was back in business in two days.

Earlier this year, the City of Atlanta suffered devastating and expensive damage at the hands of a cyber attacker. Reportedly, decades of documents were lost and the City is still racking up millions in restoration costs, in addition to the $2 million just to fix the original problem caused by the hack.

We seem to be learning the hard way that no business is off limits to hackers who want to rake in easy money. And the anonymity of cryptocurrency is making them more difficult to catch. As an ounce of prevention, I’m re-posting my list of security measures and recommend that you share it within your dental practice as a reminder:

  1. Use a reputable email service provider with both anti-virus and anti-malware security built in. A good email product has layers of filtering to block, quarantine or eliminate bad files from ever reaching the desktop.
  2. Secure a personalized domain for your practice (name@PracticeName.com).
  3. Train yourself and your staff to recognize the warning signs of non-legitimate emails:

– an email is unexpected and the sender name is not recognized
– there are obvious spelling, grammar and language mistakes
– a legitimate company logo is mimicked, appears warped, blurred, stretched, etc.
– a different URL appears if you hover your mouse over the “From” address or link
– the subject does not make sense in the context of your business/practice

  4. Never follow unknown or suspicious links.
  5. Do not open attachments from an unknown sender, or if any aspect of the email seems strange. Examine zip files carefully; do not open .exe files. When in doubt, verify with the sender.
  6. Be wary about websites visited. Ensure all users stay on legitimate business sites, not distracted by ads, banners and pop-ups.
  7. Have at least two backups. Rotate daily and weekly backup files. Keep one offsite to protect your data from physical threats like fire, theft, or flood. Backups MUST be encrypted and you MUST safeguard the encryption key (password to decrypt).
  8. Have the backup data verified quarterly. This is like simulating a disaster; restoring your data from the backup to make sure that it works! Simply checking the backup notification is not data verification.

If you haven’t already spoken to us about protection, backup, data verification and recovery, click here to learn more and take action right away. Malware is everywhere and does not limit its ghoulish behaviour to one day in October.

If your practice has managed to avoid cyber threats and ransomware, outfit your IT team with superhero capes! Pamper them with some caramels and candy apples. Then treat them to this blog post to reinforce the importance of keeping up the good work.

Healthcare Data Security Statistics that May Surprise You

Have you noticed the influx of Updated Privacy Policy notifications in your inbox?

Companies in the European Union – and any company anywhere with EU customers – are scrambling to meet the General Data Protection Regulation (GDPR) compliance deadlines. It’s just a matter of time before stricter privacy control legislation is imposed in other parts of the world.

The protection of personal data is an increasingly hot topic. With every news report of lost, stolen or hacked data, we all become a little more uneasy. Businesses ramp up their focus on protecting their clients, and customers focus on themselves.

With recent high-profile breaches of protected health information (PHI) at companies like Anthem and Allscripts, consumers are more worried than ever about their personal data being compromised. It seems to be a double-edged sword. Consumers are wary of sharing personal information – financial and health-related data top the list. Yet as patients, we expect health professionals to have complete access to our health profiles and background in order to make critical diagnoses, quickly.

The very nature of this information makes the healthcare industry a prime and profitable target for criminals. As you would expect, data security for the users of our dental and medical practice management software has always been a priority.

So naturally, I was intrigued by the findings of Verizon’s 2018 Protected Health Information (PHI) Data Breach Report. I came across a recent article by Suzanne Widup of Verizon’s Security Research Team summarizing findings from 1,368 incidents within the healthcare sector covering 27 countries. Interestingly…

  • 58 % of incidents involved insiders. Whether driven by financial gain, such as tax fraud or opening lines of credit with stolen information (48 %); curiosity in looking up the personal records of celebrities or family members (31 %); or simple convenience (10 %), poor internal controls pose a major threat to an organization.
  • 70 % of incidents involving malicious code within the healthcare sector were ransomware infections.
  • 27 % of incidents related to PHI printed on paper. Cyber hacking may be in the news, but it seems real breach activity can also be found in the paper trail. Mailed or faxed prescription information, billing statements, copies of ID and insurance cards… these printed documents are commonly mis-delivered, lost or thrown away without shredding.
  • 21 % of incidents involved lost and stolen laptops containing unencrypted PHI.

At ABELSoft, our Privacy and Security Specialists are intimately involved at every step of product development and quality control. They champion control and vigilance with internal stakeholders as well as with every software user. Here are several short- and long-term measures suggested by Verizon and by our internal team to lessen the risk of some of these challenges.

a. Full Disk Encryption provides an effective and relatively low-cost method of keeping data out of the hands of criminals.

b. Integrated controls (like ABELSoft’s Authorization Manager, for example) define user roles and access requirements.

c. Documented policies and procedures that mandate routine monitoring of internal access demonstrate commitment to vigilance and repercussions.

d. Staff education regarding these policies is critical.

e. Preventive controls for defending against malware installation are key, as is minimizing the impact that ransomware could have against your network.

f. Unfortunately, ransomware attacks will not always be prevented. There are cases where protective technology gets breached and humans get misled. Good backups become the only recourse when preventative measures fail (other than paying the ransom or starting over, which are both unacceptable solutions).

g. Practices should work towards a reduction of paper-based PHI in their environments, and establish a holistic risk management program that protects not only ePHI, but also other sensitive data that they store and process.
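
Item f depends on good backups, and the quarterly restore test recommended earlier on this page is how a practice finds out whether a backup is good. The following is an added example, not part of the original posts, of such a restore drill: it records a checksum manifest at backup time, restores into a scratch folder and compares every file. It assumes an unencrypted tar.gz archive (an encrypted backup would first be decrypted with the safeguarded key); folder and file names are constructed.

```python
import hashlib
import tarfile
import tempfile
import zlib
from pathlib import Path


def sha256_file(path):
    """Hash a file in chunks so large practice databases do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def make_backup(src_dir, archive_path):
    """Archive src_dir; return a manifest {relative path: sha256} of the live files."""
    src = Path(src_dir)
    manifest = {}
    with tarfile.open(archive_path, "w:gz") as tar:
        for path in sorted(src.rglob("*")):
            if path.is_file():
                rel = path.relative_to(src).as_posix()
                manifest[rel] = sha256_file(path)
                tar.add(path, arcname=rel)
    return manifest


def restore_and_verify(archive_path, manifest, scratch_dir):
    """Restore into scratch_dir and compare each file with the manifest.

    Returns a list of problems; an empty list means the restore test passed.
    """
    scratch = Path(scratch_dir).resolve()
    restored = {}
    try:
        with tarfile.open(archive_path, "r:gz") as tar:
            for member in tar:
                if not member.isfile():
                    continue
                target = (scratch / member.name).resolve()
                if scratch not in target.parents:  # path would escape the scratch area
                    return [f"unsafe path in archive: {member.name}"]
                target.parent.mkdir(parents=True, exist_ok=True)
                with tar.extractfile(member) as src, open(target, "wb") as dst:
                    dst.write(src.read())
                restored[member.name] = sha256_file(target)
    except (tarfile.TarError, EOFError, OSError, zlib.error) as exc:
        # A "backup completed" notification says nothing about this case.
        return [f"archive unreadable: {exc}"]
    problems = []
    for rel, digest in manifest.items():
        if rel not in restored:
            problems.append(f"missing after restore: {rel}")
        elif restored[rel] != digest:
            problems.append(f"content differs: {rel}")
    problems += [f"not in manifest: {rel}" for rel in restored if rel not in manifest]
    return problems


def run_restore_drill():
    """Constructed demo: one good backup, one archive cut short as by an interrupted copy."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        live = tmp / "practice_data"  # hypothetical data folder
        (live / "charts").mkdir(parents=True)
        (live / "charts" / "patient_0001.txt").write_text("constructed sample record\n")
        (live / "schedule.csv").write_text("date,chair,patient_id\n2019-01-07,2,0001\n")

        good = tmp / "backup.tar.gz"
        manifest = make_backup(live, good)
        ok = restore_and_verify(good, manifest, tmp / "restore_ok")

        cut = tmp / "backup_truncated.tar.gz"
        data = good.read_bytes()
        cut.write_bytes(data[: len(data) // 2])
        bad = restore_and_verify(cut, manifest, tmp / "restore_bad")
        return ok, bad


if __name__ == "__main__":
    ok, bad = run_restore_drill()
    print("good archive:", ok or "restore test passed")
    print("truncated archive:", bad)
```
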

As much as we like to think that we have become cyber-aware and digitally vigilant, we know that hackers and sophisticated criminals will try to get past our defenses. We cannot assume that our team members intuitively understand the importance of privacy and security of healthcare data. They must be educated, reminded and monitored to make sure that you remain the reader of cybercrime news reports… and not the subject.

Read the 2018 Protected Health Information Data Breach Report

Going Cloud: Three Common Myths Busted

The more I discuss cloud computing with dental practitioners, the more I recognize that there’s as much disinformation floating around as there are facts you can count on.

Moving to a cloud-hosted model is a big decision. Most companies choose it for business agility and cost savings. But there are drawbacks to consider. That’s why ABELDent now features a hybrid solution: Our practice management software users can enjoy all the advantages while minimizing the risk.

To help you separate fact from fiction and support any level of migration to the cloud, I thought it might be helpful to share the truth about the most common myths:

  1. If our data moves to the cloud, our business will no longer have control over our technology. Not so! You still have total control over technology, but your IT department won’t have to worry about constant updates. The time they’re now spending on maintenance and software upgrades will be significantly reduced, allowing them to focus on advancing your organization’s technology and business operations.

    Instead of spending your capital budget on servers, you can think strategically about reinvesting those funds into growth initiatives. (Hmm… what else could I do with those savings?)

  2. Keeping our data on premise is safer than in the cloud. Not so! It’s becoming increasingly clear that companies are routinely hacked without ever knowing it. Your practice may have a security expert, or use the services of a third-party professional. However, most companies can rarely assemble a team large enough to uncover and protect against the hundreds of possible alerts that come through each day.

    Cloud data centres like Microsoft Azure – our proven choice – are singularly focused on security and built with scale in mind. A dedicated team maintains security at the pinnacle of industry standards, using a wide range of processes and regulatory compliance expertise, to prevent, detect and mitigate breaches.

  3. Corporate spies, cyber thieves and governments will have access to my data if it is in the cloud. Not so! This is a top fear about the cloud among many businesses, but it is unfounded. It’s your data, not anyone else’s. You determine access and options, rights and privacy restrictions. Strict controls and design elements prevent your data from mingling with that of other organizations. Physical access to data centres is secured and monitored continuously, and all data centre staff must follow stringent data access protocols.

    A respected provider like MS Azure guarantees that your data will not be mined for advertising or for any purpose other than providing services you have paid for. If you choose to leave the service, you take your data with you.

The more I learn, the more the benefits of cloud computing make solid business sense, especially within the context of our hybrid solution for dental practitioners. As always, we’ve dedicated our development resources to making sure we address the needs, concerns and real-world priorities of our users. Read more about our Best of Both Worlds solution. And please share this with any colleagues who need help separating fact from fiction when it comes to the cloud. It’s good to be on the same page: You’ll save time by not having to argue about these myths.

Once just a Threat to Dental Practices, Ransomware has hit Prime Time!

This is my third blog post about cybercrime – ransomware specifically – and the danger it poses to your dental practice management software and data. Last year, I reported that the security company McAfee had charted a 165% year-on-year increase in ransomware attacks.

I also passed along OntarioMD’s bulletin advising extra vigilance about data security; since then, I had not heard of any specific incident involving this nasty activity. Until the middle of December, that is, when I sat down to watch one of my favourite TV shows. I find Grey’s Anatomy quite informative, as guilty-pleasure TV goes. The episode dealt with a data hostage crisis that shut down all electronic systems from OR monitors and equipment to ICU life-support systems and code-locked supply closets and exits. The season-ending cliff hanger saw the Chief of Staff and the FBI at loggerheads over negotiating a multi-million bitcoin ransom exchange. Cannot wait for Part 2.

Grey Sloan Memorial’s life-threatening cybercrime makes for great TV, but it is the kind of drama you definitely don’t want or need. Your practice data is your lifeline to the health of your business. Awareness, protection and vigilance are essential for prevention.

FYI, here’s a link to the bulletin offering good advice about how to deal with such a threat and, more important, steps to take to protect your dental practice in the first place. In addition, some great security tips I assembled for last year’s post. Always worth repeating!