By Theresa Ahearn
During the pandemic, ransomware attacks and cyber frauds have emerged as a significant issue for dentistry and medical offices since electronic record systems continue to be a target for cybercriminals. Cyber-attacks jeopardize not only patient information but also a dental office's reputation and earnings. Fortunately, management has the ability to take effective steps to help protect critical patient information from cyber-criminals during the pandemic. (Pranggono & Arabo, 2021).
Though ransomware attackers have been targeting the healthcare business for decades (Nifakos et al., 2021), the subject has recently gotten a lot of attention because of the pandemic. Ransomware encrypts sensitive data and locks it until the victim pays a ransom. According to research released by the Ponemon Institute, 43% of healthcare companies have been hit by ransomware in the last two years, with 70% experiencing delays in procedures and test results. During the pandemic, an uptick in ransomware attacks occurred via email. Employees were reportedly being tricked by phishing attempts where emails that contained fake links were sent that looked legitimate. Emails also included malicious attachments sent to employees of organizations dealing with the pandemic (Ramadan et al., 2021). Two recent incidents serve as warnings that ransomware and phishing attacks may target dentists. Between March 31 and April 1, 2021, a cyber-criminal used a phishing attack to gain access to the computer systems of North American Dental Management, a Pittsburgh-based company that provides administrative and technical support services for Professional Dental Alliance (PDA) offices.
Following the discovery of the intrusion, North American Dental Management took steps to safeguard the compromised email accounts and initiated an investigation. However, in August 2019, a ransomware attack on DDS Secure, a data backup solution supplied by a subsidiary of the Wisconsin Dental Association and PerCSoft, a technology provider in the dental sector, disrupted hundreds of dental practices. As a result, dentists could not access medical records, charts, insurance documents, and other personal information while under attack.
Fortunately, there are lessons learned and recommended prevention measures dentists can take to avoid encountering a ransomware attack.
Staying Ahead of a Cyber Attack
Cybersecurity training programs and cybersecurity awareness campaigns are examples of effective strategies dental practices can adopt (WJ et al., 2019). Training and cybersecurity information campaigns ensure that security awareness is not a one-time event for employees, but rather part of organizational culture. When employees are actively involved in cybersecurity, awareness of and adherence to core cybersecurity principles becomes a priority in their daily decision-making. Other measures such as implementing a robust password policy can be a powerful defense against intruders. State-of-the-art hacking software can guess 100 billion password combinations in a matter of seconds. Practice managers should ensure that their password rules require strong passwords and that they are kept up to date, and changed periodically.
A few other recommended best practices to secure healthcare data include storing a backup of data offline, ensuring up-to-date firewalls and antivirus software, and staying informed on ransomware news and trending scams (He et al.,2021). To protect patient data, dentists must employ a multilayered strategy. Hackers are quick to spot weaknesses, thus having many security backup methods can prevent an attack in the event one option fails. The US government also provides resources to assist healthcare providers in preventing ransomware attacks. Providers should sign up for the OCR Security Listserv to receive ransomware updates, guidance, and technical assistance.
Cybersecurity Guidance COVID-19 and Beyond
Although dental offices should engage in cybersecurity to prevent trending attacks, special attention is required to address cybersecurity risks during the COVID-19 pandemic. According to Argwa et al., health care practices should allocate more resources and funding to cybersecurity throughout the pandemic. Additionally, dentists should plan for long-term remote working and invest in upgrading their security systems and cybersecurity crisis management capabilities so that they can service continuously even during times of crisis, such as the present pandemic and beyond.
Author: Theresa Ahearn is a freelance writer currently residing in Oak Ridge, Tennessee. She received her Bachelor of Arts from the New York Institute of Technology and Master of Science from Central Connecticut State University. When not writing, she can be found fishing or traveling someplace new.