Risk Assessment
Ransomware is one of the biggest threats to dental data, because it gets in via email, on which the industry still heavily relies for communication.
These days it’s not a matter of IF you will get hit with ransomware, it’s WHEN.
Some ransomware might get through and infect your systems, and some might not, but one thing is sure: the bad guys will keep trying. Many dental practices get attacked on a daily basis.
Ransomware is one of the most common types of cyber-attacks. Once your email address is on a target list, you will continue to be hit, possibly in different ways each time.
These types of cyber-attacks are automated. There are lists containing thousands of email addresses being sold on the dark web. The cyber-criminals use a ‘spray’ technique to attack these potential victims through phishing emails. They know that at least a few people will click on the links or attachments, and they will be successful.
They have the time and the patience to work away at your defences, meaning you need to be on your game for every single one of them.
Best Practices Exist
One of the best things you can do is get a third-party security risk assessment at least once a year. This will pinpoint holes and gaps in the security of your systems, software, and people. It will show you how to make your dental network more secure.
It’s important to evaluate risk on 3 levels. This includes your systems, your staff, and the various third parties connecting, or having access to, your data.
Locking down your access points and weak points will not necessarily stop a hacker, which is why education is so important, so consider adding some ongoing training amongst those in your office who use a computer (yes, we know that means all of them). However, micro-training can be as little as a minute or two a week, and it can have a significant impact on the human-error factor.
The Power of Five Simple Questions
Here are 5 questions to ask yourself that will help you identify the amount of exposure you have to things like ransomware, viruses, fraud, and hacking.
1) Am I subscribed to system security monitoring, and do I get daily proof that systems are secure?
2) Do I have complete visibility over who has access to my systems?
3) Do I have an alerting system for security threats and system failures?
4) Do I feel confident with the level of cyber-security training my staff have?
5) Am I confident with my disaster recovery plan and ability to execute it?
Now What do I do With This?
Office managers or dentists who act as the PIPEDA (or equivilent) mandated Privacy Officer for their practice often don’t ask these questions because they don’t know what to do once they’re answered…even if they know how important they are.
It can be time-consuming to have to go find the answers themselves, and they often don’t end up finding the full solution – instead, they get “sold” by an IT company that who say they can keep them compliant. However, that’s only half-true.
IT professionals – even the good ones – don’t always have the tools or expert credentials needed to keep a healthcare practice secure and compliant with law. They may set you up with an anti-virus or a secure email, but there are many other requirements missing from that strategy.
Automation is the Secret Weapon
Every superhero has a secret weapon, and with Alexio, it’s our automation – our software monitors your systems for intrusion, hacking, human error, breaches, and a long list of system health checks.
Alexio Defender automated cyber-security monitors and maintains your PC’s continuously and provides alerts reports on the state of your systems, so that if you want to avoid paying heavy emergency costs, we can help you stay ahead of any technology issues. Healthcare practices save an average of $2600 per year vs traditional ‘human -based’ managed services.
Alexio was built and priced for private practices and small healthcare teams, while also having a custom service for enterprise solutions. Reach out now to take advantage of a free consultation and find out how we can help you find that peace of mind.
Anne Genge is the CEO and co-founder of Alexio Corporation. She and her team of certified privacy and security professionals help dentists, physicians, and other healthcare providers to secure their data & systems, and comply with privacy laws & college mandates. She is a firm believer that good training in cyber-security is the key to protecting not just her family and clients, but also government bodies and major corporations. To this end, she has partnered with many organizations, including the Canadian Dental Association, to produce training in order to reduce the frequency of human error resulting in a security breach.
