How Cloud Storage Can Help Your Dental Practice

Every day, dental clinics across Canada handle a lot of sensitive information. Between patient scheduling, clinical records, financial information, payroll, and co-ordination with other healthcare and insurance providers, dentists and dental hygienists need to know where to find the information they’re looking for at a moment’s notice.  

This means information storage can be a major issue. As anyone who works in a dental clinic knows, the days of keeping patient files in manila folders is long gone for most – but just because clinics use computers now doesn’t mean the storage question has gone away.

As a solution, many clinics have started to backup their practice data in the Cloud. But some practices have told me that they have doubts about the Cloud’s safety. In addition, simply backing up data in the cloud is only part of the solution and thus only mitigates part of the risk. If the data you access everyday to run your practice still resides on a local server, you remain highly vulnerable to cyberattacks. To help, I’ve prepared this brief explanation of how the Cloud works and why using a Cloud server is the more secure option for accessing and backing up your dental practice data.  

What is the Cloud, Anyway?

Cloud computing has been around since the 1960s but it’s only in recent years that Cloud computing and Cloud storage have become widely available. This shift happened when companies like Amazon and Google started marketing Cloud storage services to businesses and the public. 

When you store your live data in the Cloud it’s possible to access your documents, files or records from most devices, making it much easier to transfer and locate information of all kinds. Here’s a video explaining how this works:

Chances are, you already use  Cloud services a lot more than you think – your last Netflix bingeing session of Stranger Things wouldn’t be possible without this technology. But some dental practice owners are still reluctant to access their records from the Cloud and store backups there because they worry that the Cloud is less secure than storing information on their own computers. But are these concerns actually warranted?

Is the Cloud Safe?

The short answer to this question is yes – not only is the Cloud safe, but it actually offers more security than other storage methods.

When you store all of your data on-site, there are a number of risks. Because your data is literally being stored on hard drives in your office, all someone needs to do is remove the hard drives and all the information stored on them will be lost. Even if you have kept a backup of your data on a separate storage medium, it will only be as up to date as the last time you did a backup. Furthermore, you have no way of knowing if your backup is valid. As a result, on-site data storage represents a huge vulnerability for any dental practice.

On-site storage also exposes your data to potential accidents or natural disasters. For example, with offices that experience floods or fires, there is a very real possibility that many years’ worth of information will be lost – particularly if backups are store on-site as well. The old adage about not putting all your eggs in one basket definitely applies here.

Will Cloud Storage Affect How My Dental Practice Accesses Files?

Yes and no. When you use cloud software to store your information, you are taking an important step toward preventive theft and loss of data. But this doesn’t mean it will be more difficult to access.

In fact, the right cloud solutions are designed specifically to help dental practices manage their information more efficiently. Not only do cloud server solutions store client information more securely, coupled with data encryption, they enable integrated automated patient communication solutions. These provide a safe and efficient means of information exchange between the practice and patients via email and text – particularly for appointment reminders and confirmation.     

Another advantage of Cloud computing is convenience: because data is stored in the Cloud rather than on local hard drives, your team members can access information from anywhere, on almost any device. And should there be a data security breach, access devices are not affected. If your workstations are damaged in a natural disaster or fire, all your information is already safely backed up remotely in the Cloud.

For these reasons, cloud-based practice management software is rapidly becoming the platform of choice for dental practices. 

Don’t take any chances with your patients’ data; consider switching over to a cloud server solution specifically designed for use by dental practices. If you decide to stay with a local server solution for data storage, at the very least, make sure your practice date is regularly backed up in the cloud. 

How Web-based Dental Solutions Protect Against Cyberscamming

Dental clinicians and practitioners face a unique set of challenges day in and day out, from ensuring patient satisfaction to staying on top of technological advancements in the field to maintaining a steady income stream in a increasingly competitive environment.

But a dental practice also faces the hurdle of keeping its staff and patients connected, which exposes them to an altogether different struggle – that of keeping data secure in an age when scammers are working harder than ever to compromise patient information.

The protection and organization of data is a serious matter, and so I’m starting the new year by bringing you up to speed on the rise of phishing and other cyberscamming attempts.

cyberscam protection

Below, I discuss recent scams both in and out of the field of dentistry, and provide some tactics to help you defend yourself.

Gone Phishing

Phishing is the act of impersonating legitimate companies through email or phone contact in an attempt to lure staff or consumers themselves into divulging private, personal information.

Emails will often ask for login credentials and other personal info to solve a vague but urgent problem. Scammers go to great lengths to make the request seem legitimate, which works to build a false sense of security in victims.

The CRA Scam

Consider the recent CRA scam that has already affected 4,000 victims who have lost more than $15 million. This scam takes the form of a call from someone claiming to be from the Canada Revenue Agency, who then threatens victims with arrest for owing back taxes. The scammers will often demand payment in the form of gift cards, cybercurrency, wire transfers or other unorthodox methods of payment.

Up the Amazon Without a Paddle

Meanwhile, the RCMP are issuing warnings about a phishing scam targeting Amazon customers. The police warn about emails sent to customers regarding purchases they never made, complete with receipts of purchase and shipping addresses. By clicking on the ‘details’ button, emails direct victims to a fake Amazon login page that then attempts to steal credit card information.

Cyberscams with Teeth

The dental industry is not impervious to these threats, either. In 2015, an Oregon dental services company reported that a hacker had breached their system, accessing the information of more than 151,000 patients. The pinched data included patient names, social security numbers, phone numbers and addresses, as well as birth dates.

The hackers leveraged malware in order to obtain an employee’s username and password which gave them access to the company’s membership database.

protection from hackers

Protect Yourself

I can hear you asking, how do I protect myself against these threats? If you want to keep your personal or financial records safe from scammers, this simple but effective list of considerations will really help keep your info safe from compromise.

  • Don’t reply to any email that requests you to enter your personal or financial information
  • Check the hyperlink by hovering your mouse over the link to verify the address. If the email claims to be coming from Aeroplan, verify that the site is indeed Aeroplan.com or .ca
  • Contact your bank or financial institution immediately if the email or phone call claims that you owe money. Banks compile info on these scams and reporting the incident can help bring down the predators
  • Get in touch with Equifax or TransUnion to place a fraud alert on your name if you suspect you might be the victim of attempted identity theft

If you run a dental practice, and you’re worried about keeping your financial records, patient files, schedules, and other documents secure, it pays to partner with a company that understands the nuances of cybercrime.

Servers aren’t always secure, and your digital dental office staff are only human and are not invulnerable to sophisticated phishing scams, so it pays to add another layer of defence. Services are available that offer safe encryption of your data and advanced cloud storage. Data is protected from attacks but can quickly be restored with up to date backups if necessary.

If you feel that you are the target of a cyberscam, take your time and remember to be cautious. When dealing with any company, including a government agency like the CRA, you have the right to request written information, ask for a call back number, and demand time to think over the situation. A real company will be trying to solve a problem, and will show patience. Scammers around the world are all the same – they will want to part you from your money as soon as possible.

And if you run a dental practice, remember that safe, reliable web based dental solutions are available and becoming increasingly the platform of choice.

 

An innocent-looking email can play serious tricks on your Dental Practice.

Every year about this time, our Social Committee starts revving up the excitement about our annual Halloween costume contest. Thoughts turn to the ghoulish and creepy, but to me, there’s nothing more off-putting than cybercrime. Especially when it comes to attacking dental practice data, ransomware tops the nasty list.

The stress, expense and loss of revenue are only part of the problem. Consider patient safety, potential breach exposure, government fines, tarnished reputations and governing body reprimands… the risks are immense.

With all the precautionary information circulating about data protection and software security, one might expect hacking thievery to be on the decline. Not so. It is actually reported to be on the rise!

I was shocked to hear just a couple of weeks ago about an alarming data hostage situation at the City of Midland, about an hour’s drive north of Toronto. A data hack and ransom demand affected the City’s computer operations, leaving the population of 16,000 without access to a number of important services. The City paid the bitcoin ransom for the decryption key and was back in business in two days.

Earlier this year, the City of Atlanta suffered devastating and expensive damage at the hands of a cyber attacker. Reportedly, decades of documents were lost and the City is still racking up millions in restoration costs, in addition to the $2 million just to fix the original problem caused by the hack.

We seem to be learning the hard way that no business is off limits to hackers who want to rake in easy money. And the anonymity of cryptocurrency is making them more difficult to catch. As an ounce of prevention, I’m re-posting my list of security measures and recommend that you share it within your dental practice as a reminder:

  1. Use a reputable email service provider with both anti-virus and anti-malware security built in. A good email product has layers of filtering to block, quarantine or eliminate bad files from ever reaching the desktop.
  2. Secure a personalized domain for your practice (name@PracticeName.com).
  3. Train yourself and your staff to recognize the warning signs of non-legitimate emails:

– an email is unexpected and the sender name not recognized
– there are obvious spelling, grammar and language mistakes
– a legitimate company logo is mimicked, appears warped, blurred, stretched, etc.
– a different url appears if you hover your mouse over the “From” address or link
– the subject does not make sense in the context of your business/practice

  1. Never follow unknown or suspicious links.
  2. Do not open attachments from an unknown sender, or if any aspect of the email seems strange. Examine zip files carefully; do not open .exe files. When in doubt, verify with the sender.
  3. Be wary about websites visited. Ensure all users stay on legitimate business sites, not distracted by ads, banners and pop-ups.
  4. Have at least two backups. Rotate daily and weekly backup files. Keep one offsite to protect your data from physical threats like fire, theft, or flood. Backups MUST be encrypted and you MUST safeguard the encryption key (password to decrypt).
  5. Have the backup data verified quarterly. This is like simulating a disaster; restoring your data from the backup to make sure that it works! Simply checking the backup notification is not data verification.

If you haven’t already spoken to us about protection, backup, data verification and recovery, click here to learn more and take action right away. Malware is everywhere and does not limit its ghoulish behaviour to one day in October.

If your practice has managed to avoid cyber threats and ransomware, outfit your IT team with superhero capes! Pamper them with some caramels and candy apples. Then treat them to this blog post to reinforce the importance of keeping up the good work.

Healthcare Data Security Statistics that May Surprise You

Have you noticed the influx of Updated Privacy Policy notifications in your inbox?

Companies in the European Union – and any company anywhere with EU customers – are scrambling to meet the General Data Protection Regulation (GDPR) compliance deadlines. It’s just a matter of time before stricter privacy control legislation is imposed in other parts of the world.

The protection of personal data is an increasingly hot topic. With every news report of lost, stolen or hacked data, we all become a little more uneasy. Businesses ramp up their focus on protecting their clients, and customers focus on themselves.

With recent high-profile breaches of protected health information (PHI) at companies like Anthem and Allscripts, consumers are more worried than ever about their personal data being compromised. It seems to be a double-edged sword. Consumers are wary of sharing personal information – financial and health-related data top the list. Yet as patients, we expect health professionals to have complete access to our health profiles and background in order to make critical diagnoses, quickly.

The very nature of this information makes the healthcare industry a prime and profitable target for criminals. As you would expect, data security for the users of our dental and medical practice management software has always been a priority.

So naturally, I was intrigued by the findings of Verizon’s 2018 Protected Health Information (PHI) Data Breach Report. I came across a recent article by Suzanne Widup of Verizon’s Security Research Team summarizing findings from 1,368 incidents within the healthcare sector covering 27 countries. Interestingly…

  • 58 % of incidents involved insiders. Whether driven by financial gain, such as tax fraud or opening lines of credit with stolen information (48 %); curiosity in looking up the personal records of celebrities or family members (31 %); or simple convenience (10 %), poor internal controls pose a major threat to an organization.
  • 70 % of incidents involving malicious code within the healthcare sector were ransomware infections.
  • 27 % of incidents related to PHI printed on paper. Cyber hacking may be in the news, but it seems real breach activity can also be found in the paper trail. Mailed or faxed prescription information, billing statements, copies of ID and insurance cards… these printed documents are commonly mis-delivered, lost or thrown away without shredding.
  • 21 percent of incidents involved lost and stolen laptops containing unencrypted PHI.

At ABELSoft, our Privacy and Security Specialists are intimately involved at every step of product development and quality control. They champion control and vigilance with internal stakeholders as well as with every software user. Here are several short- and long-term measures suggested by Verizon and by our internal team to lessen the risk of some of these challenges.

a. Full Disk Encryption provides an effective and relatively low-cost method of keeping data out of the hands of criminals.

b. Integrated controls (like ABELSoft’s Authorization Manager, for example) define user roles and access requirements.

c. Documented policies and procedures that mandate routine monitoring of internal access demonstrate commitment to vigilance and repercussions.

d. Staff education regarding these policies is critical.

e. Preventive controls for defending against malware installation are key, as is minimizing the impact that ransomware could have against your network.

f. Unfortunately, ransomware attacks will not always be prevented. There are cases where protective technology gets breached and humans get misled. Good backups become the only recourse when preventative measures fail (other than paying the ransom or starting over, which are both unacceptable solutions).

g. Practices should work towards a reduction of paper-based PHI in their environments, and establish a holistic risk management program that protects not only ePHI, but also other sensitive data that they store and process.

As much as we like to think that we have become cyber-aware and digitally vigilant, we know that hackers and sophisticated criminals will try to get past our defenses. We cannot assume that our team members intuitively understand the importance of privacy and security of healthcare data. They must be educated, reminded and monitored to make sure that you remain the reader of cybercrime news reports… and not the subject.

Read the 2018 Protected Health Information Data Breach Report

Related Posts:

3 keys to cyber security: protect, detect and respond

Pharming and Phishing and Smishing… what next? (re-post)

In Control… or not? It’s up to you

Going Cloud: Three Common Myths Busted

The more I discuss cloud computing with dental practitioners, the more I recognize that there’s as much dis-information floating around as there are facts you can count on.

Moving to a cloud-hosted model is a big decision. Most companies choose it for business agility and cost savings. But there are drawbacks to consider. That’s why ABELDent now features a hybrid solution: Our practice management software users can enjoy all the advantages while minimizing the risk.

To help you separate fact from fiction and support any level of migration to the cloud, I thought it might be helpful to share the truth about the most common myths:

  1. If our data moves to the cloud, our business will no longer have control over our technology.

    Not so!  You still have total control over technology, but your IT department won’t have to worry about constant updates. The time they’re now spending on maintenance and software upgrades will be significantly reduced, allowing them to focus on advancing your organization’s technology and business operations.

    Instead of spending your capital budget on servers, you can think strategically about reinvesting those funds into growth initiatives. (Hmm… what else could I do with those savings?)

  2. Keeping our data on premise is safer than in the cloud.

    Not so!  It’s becoming increasingly clear that companies are routinely hacked without ever knowing it. Your practice may have a security expert, or use the services of a third-party professional. However, most companies can rarely assemble a team large enough to uncover and protect against the hundreds of possible alerts that come through each day.

    Cloud data centres like Microsoft Azure – our proven choice – are singularly focused on security and built with scale in mind. A dedicated team maintains security at the pinnacle of industry standards, using a wide range of processes and regulatory compliance expertise, to prevent, detect and mitigate breaches.

  3. Corporate spies, cyber thieves and governments will have access to my data if it is in the cloud.

    Not so!  This is a top fear about the cloud among many businesses, but it is unfounded. It’s your data, not anyone else’s. You determine access and options, rights and privacy restrictions. Strict controls and design elements prevent your data from mingling with that of other organizations. Physical access to data centres is secured and monitored continuously, and all data centre staff must follow stringent data access protocols.

    A respected provider like MS Azure guarantees that your data will not be mined for advertising or for any purpose other than providing services you have paid for. If you choose to leave the service, you take your data with you.

The more I learn, the more the benefits of cloud computing make solid business sense, especially within the context of our hybrid solution for dental practitioners. As always, we’ve dedicated our development resources to making sure we address the needs, concerns and real-world priorities of our users. Read more about our Best of Both Worlds solution. And please share this with any colleagues who need help separating fact from fiction when it comes to the cloud. It’s good to be on the same page: You’ll save time by not having to argue about these myths.

Once just a Threat to Dental Practices, Ransomware has hit Prime Time!

This is my third blog post about cybercrime – ransomware specifically – and the danger it poses to your dental practice management software and data. Last year, I reported that the security company McAfee had charted a 165% year-on-year increase in ransomware attacks.

I also passed along OntarioMD’s bulletin advising extra vigilance about data security; since then, I had not heard of any specific incident involving this nasty activity. Until the middle of December, that is, when I sat down to watch one of my favourite TV shows. I find Grey’s Anatomy quite informative, as guilty-pleasure TV goes. The episode dealt with a data hostage crisis that shut down all electronic systems from OR monitors and equipment to ICU life-support systems and code-locked supply closets and exits. The season-ending cliff hanger saw the Chief of Staff and the FBI at loggerheads over negotiating a multi-million bitcoin ransom exchange. Cannot wait for Part 2.

Grey Sloan Memorial’s life-threatening cybercrime makes for great TV, but it is the kind of drama you definitely don’t want or need. Your practice data is your lifeline to the health of your business. Awareness, protection and vigilance are essential for prevention.

FYI, here’s a link to the bulletin offering good advice about how to deal with such a threat and, more important, steps to take to protect your dental practice in the first place. In addition, some great security tips I assembled for last year’s post. Always worth repeating!

3 keys to cyber security: protect, detect and respond

Podcast – Technology experts Bill Dungey, IT Manager at Complete Technology Solutions (CTSIT) and Anthony Horvath, VP of Client Services and Operations at ABELSoft Inc. share real life examples about dealing with cybercrime and the loss of access to valuable data.

Listen to this podcast to hear about current trends in cybercrime and discover what makes you vulnerable to hacking and to malware attacks such as ransomware. In addition, Bill and Anthony discuss some best practices for maintaining privacy and security that will help you protect yourself and/or your business.

Podcast