Breach Prevention – The Overlooked Component of Dental Practice Management

Insights from Anne Genge

We are all patients somewhere and deserve to have our private and sensitive health information kept safe.?

Technology - both an asset and a risk.

While technology has made an enormous contribution to expediting and enhancing patient care, it is also the same thing that puts us at risk. I'm concerned as a professional, yes, but I'm also concerned as a consumer of health care.?I want safety for myself, and my family from future exposure that could have tragic consequences. Imagine your health records, medications list, therapy notes, etcetera, all out on the Internet for public consumption. Scary.

Our health data is very attractive to cyber criminals because it contains all of the necessary details for identity theft. This is probably why a single health record can be sold on the dark web for up to $1000 per record. Your health record is not like a credit card that can be replaced if stolen.

Healthcare practices, like dentists, physicians, and other private practices need to protect our information from breaches, ransomware hacking, and loss. Hospitals and other large organizations, even though they have big bigger budgets, still struggle with this.

Healthcare practices need the same protections as hospitals and larger organizations, but most cybersecurity solutions don't address this need for smaller clinics. They have limited budgets, which is why a standardized, affordable solution is needed.?

1. We need to continuously be assessing the risk of the practice with regards to the hardware, software, and internet connectivity.
2. Create and execute a strategy to minimize the risk. This will include:

• Securing the dental practice network
• Securing the dental server, desktops, and other connected devices
• Creating policies for governance over the use of the above
• Creating procedures and plans for when incidents happen
• Training staff on the safe use of practice systems and comprehensive breach prevention strategies
• Creating a business continuity plan so that the practice can stay in operation no matter what type of disaster or incident occurs.

Lack of standardization is a big issue.

We're mostly in trouble because there's no standardization. And, there's no oversight or governance over IT providers. Many people are being hired for IT jobs simply because someone knows them, or because they are ‘in the area’. In some cases, there are dental IT companies. But there’s still a shortage of cybersecurity expertise.

Today a dental office is a very sophisticated digital environment. They are high-tech like hospitals with digital imaging, patient management systems, integrated treatment planning, and so on. However, unlike?a hospital with a team of security and IT professionals on-site, a dental office is mostly on its own.

In my work, I typically see three scenarios. One is that there is virtually no security running at all other than antivirus. The second is that someone has tried to implement security but it has dramatically disrupted workflow so they turn it off, And the third scenario is that it’s in good shape but that’s only 7% of the time. This means we have a lot of work to do.

How do we solve it?

It starts with standardization and affordable access to experienced professionals. And so I'm on a mission.

Here are some ideas for solving the cybersecurity crisis in healthcare practices:

• Creation of standards, training and oversight of IT providers serving healthcare practices
• Ensuring every healthcare practice has access to certified cybersecurity professionals to create their cyber strategy and support them continuously
• Mandatory annual professional 3rd party risk assessment of healthcare practice networks
• Mandatory cybersecurity awareness training for all people working with health data
• Make industry-specific breach prevention training easy and affordable for practice owners and managers

Helpful resources to assess the risks in your practice are available through CDA Oasis:

The Growing Threat of Cybercrime: How to Fight Phishing in Your Dental Practice: https://oasisdiscussions.ca/2022/10/17/the-growing-threat-of-cybercrime-how-to-fight-phishing/

Assess Your Risk - Ransomware Vulnerability Assessment: https://oasisdiscussions.ca/2022/02/21/introducing-the-cybersecurity-mini-workshop-series/

Cybersecurity Mini-Workshop #8 – Disaster Planning Checklist https://oasisdiscussions.ca/2022/09/19/cybersecurity-mini-workshop-8-disaster-planning/

Cybersecurity Mini-Workshop #2 – Backup Assessment |Checklist https://oasisdiscussions.ca/2022/03/21/cybersecurity-workshop-no-2-backup-assessment-checklist/

*Alexio Security Risk Assessment Data 2017 - 2022

About Anne Genge

Her motto ‘no geek speak’, coupled with her humour and great story-telling, has made Anne one of Canada’s leading cybersecurity and privacy educators. Anne has dedicated her career to helping healthcare practice and small business owners understand technology, how to leverage it, and more importantly, how to do it safely. Over her 20+ years as an educator and tech innovator she has earned global awards for her efforts. Anne keeps the client as her ‘true north’ in how she creates affordable and effective tools and training for privacy & data security. Anne is on a mission to help everyone understand online threats and be able to defend themselves at home and at work when using technology. Reach out to Anne for speaking engagements, training, and consulting. Contact Anne: [email protected]