English
简体中文
繁體中文
English
Filipino
हिन्दी
Hmong
Bahasa Indonesia
日本語
Basa Jawa
한국어
ພາສາລາວ
Bahasa Melayu
മലയാളം
ဗမာစာ
سنڌي
தமிழ்
ไทย
Tiếng Việt
Afrikaans
Shqip
العربية
አማርኛ
Հայերեն
Azərbaycan dili
Euskara
Беларуская мова
বাংলা
Bosanski
Български
Català
Cebuano
Chichewa
Corsu
Italiano
Hrvatski
Čeština
Dansk
Nederlands
Esperanto
Eesti
Suomi
Frysk
Galego
ქართული
Ελληνικά
ગુજરાતી
Kreyol ayisyen
Deutsch
Français
Harshen Hausa
Ōlelo Hawaiʻi
עִבְרִית
Magyar
Íslenska
Igbo
Gaeilge
ಕನ್ನಡ
Қазақ тілі
ភាសាខ្មែរ
كوردی
Кыргызча
Latin
Latviešu valoda
Lietuvių kalba
Lëtzebuergesch
Македонски јазик
Malagasy
Maltese
Te Reo Māori
मराठी
Монгол
नेपाली
Norsk bokmål
پښتو
فارسی
Polski
Português
ਪੰਜਾਬੀ
Română
Русский
Samoan
Gàidhlig
Српски језик
Sesotho
Shona
සිංහල
Slovenčina
Slovenščina
Afsoomaali
Español
Basa Sunda
Kiswahili
Svenska
Тоҷикӣ
తెలుగు
Türkçe
Українська
اردو
O‘zbekcha
Cymraeg
isiXhosa
יידיש
Yorùbá
ZuluDental practices are becoming increasingly reliant on technology, and with that comes an increased risk of cyberattacks.
The first step in protecting your dental practice from cyberattacks is understanding the risks. This guide has been created to assist practices to identify potential risks and develop an appropriate cyber security plan. Cyber criminals are becoming increasingly sophisticated and better able to target vulnerable dental practices, using a variety of techniques including phishing, malware and ransomware. These attacks may go unnoticed for several years until the practice is compromised.
However, it is possible to reduce the risk of cyber attacks by taking a number of simple steps. This guide will provide some practical cybersecurity recommendations you can immediately implement to protect your data.
What are the most common threats to dental practices?
According to the Ponemon Institute, in 2017 the average cost of a data breach was $3.62 million. The Ponemon Institute also reports that the healthcare industry experiences the most cyberattacks of any other industry. Dental practices are not immune to cyberattacks and data breaches.
In fact, a study by the Identity Theft Resource Center found that in 2021, the overall number of data breaches (1,862) increased by more than 68 per cent over the previous year. This set a new record over the previous all-time high recorded in 2017 (1506 cases). Ransomware-related cybercrimes doubled in subsequent years from 2020. At the rate things are going, ransomware attacks is projected to surpass phishing as the primary cause of data breaches in 2022.
The following are examples of the common cyber threats to dental practices:
Email-borne malware
Approximately 30% of data breaches are caused by email-borne malware. This type of malware can be downloaded from a phishing website and the malicious software can infect a computer via email attachments or links.
Phishing attacks
A phishing attack, also known as a “spear-phishing” attack, is an attempt to obtain sensitive information such as passwords, credit card numbers and personal identification numbers by sending emails that appear to be from a legitimate source.
Ransomware
Ransomware attacks are becoming more common with the threat of cyber criminals targeting dental practices. These attacks are more likely to impact small offices and practices that do not have robust computer technologies, as they can be difficult to detect and remediate.
Click to Visit website of India's Leading Manufacturer of World Class Dental Materials, Exported to 90+ Countries.
Spyware Malware
This can be spread via USB flash drives and other portable media. It can be installed through an infected email attachment or link.
Malicious browser extensions
This malicious browser extension is often a type of adware that hides the URL bar and replaces it with advertisements, redirects, or other unwanted ads.
Viruses
A virus is a type of malicious software that can cause damage to a computer or electronic device by corrupting files, spreading across a network, or even by altering the operating system.
Worms
A worm is a type of malware that propagates by replicating itself across other computers on the Internet. A worm can be written to exploit security vulnerabilities and propagate using social engineering tactics, network exploitation techniques, or via email.
Best-practice methods for your dental practice to safeguard your data
Use secure apps
Only download and use apps from the official stores. If no longer needed, delete apps completely.
Since the official app stores (Apple App Store or Google Play Store) subject apps to at least a certain level of control before they are allowed to be offered there, the probability of security risks being contained is significantly lower.
However, only load apps onto your device that you really need and uninstall all apps that you no longer need as completely as possible.
Always install current app version
Always install updates promptly to avoid vulnerabilities.
Just like the operating systems, the updates usually contain the latest security patches in addition to new functions, so that any security gaps that may have existed beforehand can be closed.
Secure storage of local app data
Only use apps that encrypt documents and save them locally.
Please note that if possible, no data is stored in the cloud. Create backups of your mobile devices and use the option offered by the operating system to create encrypted backups and only save them on devices that are under your own control. Avoid using backups in the cloud, even if they are offered in encrypted form.
Do not send confidential data via apps
In order to prevent the unwanted outflow of possibly confidential data, use data protection settings that are as restrictive as possible, in which uncontrolled access to other sensitive data on the smartphone (e.g. general access to the address book and thus all stored contact data, photo album, etc.) is not possible can be prevented must not be used.
This also applies to common messengers and social media apps, for example.
No Cloud storage of personal data
No use of the cloud storage integrated in Office products for storing personal information.
Again, refrain from using cloud storage. Especially when it comes to personal data, this data must not be stored in the cloud without a legal basis and the specifications defined there.
Authentication for web applications
Only use Internet applications that strictly secure your access (login page and process, password, user account, etc.).
For this purpose, it should at least be protected with a login with a user name and password. If this is offered, they should activate a so-called “two-factor authentication”, which requires a second security feature in addition to entering a password. This is often a PIN that is sent via a separate app to a previously specified trustworthy device (smartphone, tablet, PC) or as an SMS to a mobile number that you have previously stored.
A particularly secure method is the registration via smart card (e.g. e-dentist card, ZOD card, SMC-B), which also represents a two-factor authentication, since on the one hand possession of the appropriate smart card and on the other hand the associated PIN is required.
Do not set up or allow automated access or calls to web applications
Access to the Internet should always be deliberate and controlled. Therefore, under no circumstances allow downloaded applications or other applications to access web applications automatically.
Regulate permissions and access per group of people and per person
Pay particular attention to clear assignment when sharing folders in the network. Assign only the folders that are absolutely necessary to people or groups and further restrict the assigned folders. Determine which rights (read, write, delete,…) the individual persons or groups have.
Removable data carriers must be checked for malware with an up-to-date protection program each time they are used.
If you use removable media such as a USB stick, check them with the virus protection software installed on your computer before each use, especially if they are exchanged between different systems and before passing them on.
Always erase data carriers securely and completely after use. Your computer offers various options for this
Depending on the operating system used, you have various options here. With the help of additional special applications, a more intensive deletion that may be necessary can be carried out, since a “normal” deletion process usually does not delete the data itself, but only the reference to it, so that it is no longer displayed by the system.
However, the data can be restored comparatively easily with some freely available programs. Suitable deletion programs usually overwrite the data to be deleted several times so that it cannot be restored afterwards.
Appropriate authentication must be used for management access to network components and management information
Components used in the network such as firewalls, routers, switches, etc. must at least be protected by secure passwords. Access to these devices and thus to the configuration or the information stored there must not be possible without a password or other secure authentication.
Backup and disaster recovery
The backup and disaster recovery is a key part of the security. Backups should be stored in at least two or three different locations. Not only must a backup system be protected but also files that have been backed up, so that you can restore them if necessary.
Security policies and procedures
The security policies and procedures should describe in detail how the organization’s information assets are protected. The policies and procedures should be documented, approved, and updated at least annually.
Physical security
Physical access to computer systems must be closely controlled. All doors must be locked, access cards and keys should be used, and all rooms should be well lit with sufficient natural light to see the information.
Electronic security
All computer systems and network services must have appropriate security measures. All users should use their own login names and passwords. Information security policies and procedures must be integrated into the organization’s overall risk management efforts, including those of human resources, physical security, business continuity planning, and disaster recovery.
Conclusion
The best computer security is achieved by adopting a layered approach to information security. Each layer provides a different set of controls to ensure that data can be accessed and used securely, but each layer has its own vulnerabilities.
It is important to recognize these vulnerabilities and apply the appropriate control measures as shared above. It is important to have a strong and sound security policy in place because it will help to protect all assets of the organization. A good security policy will help a dental practice to maintain a secure and reliable network environment.
Dentists should take the necessary precautions to protect their dental practices from cybercrime. This includes using strong passwords, updating software regularly, and training employees on best practices. By following the tips provided in this article, practitioners can help minimize their risk of a cyber breach and keep their patients’ data safe.
The information and viewpoints presented in the above news piece or article do not necessarily reflect the official stance or policy of Dental Resource Asia or the DRA Journal. While we strive to ensure the accuracy of our content, Dental Resource Asia (DRA) or DRA Journal cannot guarantee the constant correctness, comprehensiveness, or timeliness of all the information contained within this website or journal.
Please be aware that all product details, product specifications, and data on this website or journal may be modified without prior notice in order to enhance reliability, functionality, design, or for other reasons.
The content contributed by our bloggers or authors represents their personal opinions and is not intended to defame or discredit any religion, ethnic group, club, organisation, company, individual, or any entity or individual.