
Dear Dentists: Hackers Love You.


It’s not ‘just teeth’…you’re a target for many other reasons.

Even if you DON’T keep up with the headline news, you may have heard about some of the massive ransomware attacks recently. Last month, over 400 dental practices were paralyzed by ransomware for days. Some dental practices lost data, and health insurers, some cities’ municipal governments, and healthcare practices have even been shut down.

Why Are Dentists So Popular with Hackers?

It’s a simple fact that dental practices have all the pieces needed for a hacker to score big: personal information, personal health information, and credit card information.

Personal Information

Patients entrust you with sensitive personal information, as well as a plethora of other personal details.

While it’s understandable that you need most of this info, consider it from your patient’s perspective for a moment: you’re asked to give up an awful lot of personal details, including:

  • Name, address and contact information
  • Birth date
  • Medical history
  • Prescriptions
  • Sensitive details about mental health
  • Employer and insurance information
  • Credit card information

As well, dentists often treat entire families, which means it’s not just THEIR information they’re giving up, but that of their kids and spouse. In a very successful practice, you will often have more than one generation of the same family with personal information all in the same database. So, for example, a ‘mother’s maiden name’ is easily found.

Personal Health Information

This can be the most private of secrets, depending on what’s in those files. Dentists often say to us, “who would care about my files?” but it’s not just teeth that you’ve got in those records…it could be their HIV status, or whether they’ve had an abortion, or whether they suffer from schizophrenia.

People are regularly blackmailed for information like this, and guilty secrets are a favourite for hackers looking for a needle in the haystack. They are able to churn out threatening emails at an alarming rate, and they don’t even care if you call their bluff. If they send out 100 emails and only 5 people take them seriously and pay the ransom, they stand to make thousands of dollars.

Credit Card Information

On its own, credit card information isn’t worth a lot to hackers, but when coupled with the other information available in patient records, they’re able to do a lot more damage.

Hackers are master students of human habits and behaviour, and they know that a lot of PINs and passwords are readily available amongst the family’s files. With a credit card number, birthday, address and a slew of password options, they can steal someone’s entire identity. Additionally, there are millions of breached emails for sale on the dark web to cross-reference.

NOW how do you feel about how attractive your files might be?

Canadian Privacy Law

The government of Canada recognized this opportunity a long time ago, which is why it put laws into place to protect its citizens.

The Personal Information Protection and Electronic Documents Act (PIPEDA) went into law in April 2000, outlining what information could be collected, how it could be used, and the rights of the individual in accessing and controlling its dissemination.

Since then, eight provinces have enacted their own privacy laws. In Ontario, for example, here is the passage related to security:

A health information custodian shall take steps that are reasonable in the circumstances to ensure that personal health information in the custodian’s custody or control is protected against theft, loss and unauthorized use or disclosure and to ensure that the records containing the information are protected against unauthorized copying, modification or disposal.  2004, c. 3, Sched. A, s. 12 (1).

“Steps That Are Reasonable in the Circumstances”

Technology changes, and the abilities of hackers change with it. As new digital products are built, cyber-criminals study these new apps, websites and technologies to find how they can be breached, or how they can be used for ill gain.

Once they find the weakness, they’re in. Malware they install allows them constant access to your computers. In fact, any device that’s linked through your network is now essentially open to them.

The government looks to privacy and security professionals to determine the actual steps and safeguards needed to keep patient data safe – and that’s where a company like Alexio steps up. We know the measures that must be put in place by “health information custodians” in order to make patient data bulletproof against hackers’ attacks.

The Defenders: Healthcare Superheroes

If you’re curious about the “reasonable steps” your practice should be taking in order to be good custodians, we encourage you to do this short self-assessment quiz. Not only will it tell you what you need to work on, but it will help you understand the importance of safeguarding this information.

Alexio Defender is the software we built just to keep you and your patients safe. It’s got 12 layers of security protection from ransomware, system failure and human error. Coupled with our dedication to training, we make sure that the 92% of breaches from human error get reduced right out of the gate.

Click here to set up a quick consult with us, or keep an eye on our social channels for information on our next webinar. We’re dedicated to providing education around protecting people’s data – both in healthcare practices, and for our families at home.

Anne Genge, CEO Alexio Corporation

Anne Genge is the CEO and co-founder of Alexio Corporation. She and her team of certified privacy and security professionals help dentists, physicians, and other healthcare providers to secure their data & systems, and comply with privacy laws & college mandates. She is a firm believer that good training in cyber-security is the key to protecting not just her family and clients, but also government bodies and major corporations. To this end, she has partnered with many organizations, including the Canadian Dental Association, to produce training in order to reduce the frequency of human error resulting in a security breach.