#7cbde1_Small_Sep-Oct 2024 DRA Journal Cover

The latest DRA Journal issue showcases Asia's dental innovation, featuring Thailand's pioneering stem cell research, advanced clinical techniques like 3D-printed dentures for senior patients and digital workflows for implant restorations, a review of top Asian dental startups, and strategies for improving dental practice culture.

>> FlipBook Version (Available in English)

>> Mobile-Friendly Version (Available in Multiple Languages)

Click here to access Asia's first Open-Access, Multi-Language Dental Publication

Guide to improve dental practice cyber protection

Dental practices are becoming increasingly reliant on technology, and with that comes an increased risk of cyberattacks.

The first step in protecting your dental practice from cyberattacks is understanding the risks. This guide has been created to assist practices to identify potential risks and develop an appropriate cyber security plan. Cyber criminals are becoming increasingly sophisticated and better able to target vulnerable dental practices, using a variety of techniques including phishing, malware and ransomware. These attacks may go unnoticed for several years until the practice is compromised.

However, it is possible to reduce the risk of cyber attacks by taking a number of simple steps. This guide will provide some practical cybersecurity recommendations you can immediately implement to protect your data.

Phishing | Protect dental data from hackers | Dental Resource Asia
Beware of phishing attacks: Protect sensitive information such as passwords, credit card numbers and personal identification numbers by making sure emails come from a legitimate source.

What are the most common threats to dental practices?

According to the Ponemon Institute, in 2017 the average cost of a data breach was $3.62 million. The Ponemon Institute also reports that the healthcare industry experiences the most cyberattacks of any other industry. Dental practices are not immune to cyberattacks and data breaches.

In fact, a study by the Identity Theft Resource Center found that in 2021, the overall number of data breaches (1,862) increased by more than 68 per cent over the previous year. This set a new record over the previous all-time high recorded in 2017 (1506 cases). Ransomware-related cybercrimes doubled in subsequent years from 2020. At the rate things are going, ransomware attacks is projected to surpass phishing as the primary cause of data breaches in 2022.

The following are examples of the common cyber threats to dental practices:

Email-borne malware

Approximately 30% of data breaches are caused by email-borne malware. This type of malware can be downloaded from a phishing website and the malicious software can infect a computer via email attachments or links.

Phishing attacks

A phishing attack, also known as a “spear-phishing” attack, is an attempt to obtain sensitive information such as passwords, credit card numbers and personal identification numbers by sending emails that appear to be from a legitimate source.

Ransomware

Ransomware attacks are becoming more common with the threat of cyber criminals targeting dental practices. These attacks are more likely to impact small offices and practices that do not have robust computer technologies, as they can be difficult to detect and remediate.

Spyware Malware

This can be spread via USB flash drives and other portable media. It can be installed through an infected email attachment or link.

Malicious browser extensions

This malicious browser extension is often a type of adware that hides the URL bar and replaces it with advertisements, redirects, or other unwanted ads.

Viruses

A virus is a type of malicious software that can cause damage to a computer or electronic device by corrupting files, spreading across a network, or even by altering the operating system.

Worms

A worm is a type of malware that propagates by replicating itself across other computers on the Internet. A worm can be written to exploit security vulnerabilities and propagate using social engineering tactics, network exploitation techniques, or via email.

USB stick cyber protection | Dental Resource Asia
Spyware or malware can be spread via USB flash drives and other portable media.

Best-practice methods for your dental practice to safeguard your data

Use secure apps

Only download and use apps from the official stores. If no longer needed, delete apps completely.

Since the official app stores (Apple App Store or Google Play Store) subject apps to at least a certain level of control before they are allowed to be offered there, the probability of security risks being contained is significantly lower. 

However, only load apps onto your device that you really need and uninstall all apps that you no longer need as completely as possible.

Always install current app version

Always install updates promptly to avoid vulnerabilities.

Just like the operating systems, the updates usually contain the latest security patches in addition to new functions, so that any security gaps that may have existed beforehand can be closed.

Secure storage of local app data

Only use apps that encrypt documents and save them locally.

Please note that if possible, no data is stored in the cloud. Create backups of your mobile devices and use the option offered by the operating system to create encrypted backups and only save them on devices that are under your own control. Avoid using backups in the cloud, even if they are offered in encrypted form.

Do not send confidential data via apps

In order to prevent the unwanted outflow of possibly confidential data, use data protection settings that are as restrictive as possible, in which uncontrolled access to other sensitive data on the smartphone (e.g. general access to the address book and thus all stored contact data, photo album, etc.) is not possible can be prevented must not be used.

This also applies to common messengers and social media apps, for example.

cloud security | protect dental practice data | Dental Resource Asia
Do not store sensitive or personal data in the Cloud.

No Cloud storage of personal data

No use of the cloud storage integrated in Office products for storing personal information.

Again, refrain from using cloud storage. Especially when it comes to personal data, this data must not be stored in the cloud without a legal basis and the specifications defined there.

Authentication for web applications

Only use Internet applications that strictly secure your access (login page and process, password, user account, etc.).

For this purpose, it should at least be protected with a login with a user name and password. If this is offered, they should activate a so-called “two-factor authentication”, which requires a second security feature in addition to entering a password. This is often a PIN that is sent via a separate app to a previously specified trustworthy device (smartphone, tablet, PC) or as an SMS to a mobile number that you have previously stored.

A particularly secure method is the registration via smart card (e.g. e-dentist card, ZOD card, SMC-B), which also represents a two-factor authentication, since on the one hand possession of the appropriate smart card and on the other hand the associated PIN is required.

Do not set up or allow automated access or calls to web applications

Access to the Internet should always be deliberate and controlled. Therefore, under no circumstances allow downloaded applications or other applications to access web applications automatically.

Regulate permissions and access per group of people and per person

Pay particular attention to clear assignment when sharing folders in the network. Assign only the folders that are absolutely necessary to people or groups and further restrict the assigned folders. Determine which rights (read, write, delete,…) the individual persons or groups have.

Removable data carriers must be checked for malware with an up-to-date protection program each time they are used.

If you use removable media such as a USB stick, check them with the virus protection software installed on your computer before each use, especially if they are exchanged between different systems and before passing them on.

Always erase data carriers securely and completely after use. Your computer offers various options for this

Depending on the operating system used, you have various options here. With the help of additional special applications, a more intensive deletion that may be necessary can be carried out, since a “normal” deletion process usually does not delete the data itself, but only the reference to it, so that it is no longer displayed by the system. 

However, the data can be restored comparatively easily with some freely available programs. Suitable deletion programs usually overwrite the data to be deleted several times so that it cannot be restored afterwards.

Appropriate authentication must be used for management access to network components and management information

Components used in the network such as firewalls, routers, switches, etc. must at least be protected by secure passwords. Access to these devices and thus to the configuration or the information stored there must not be possible without a password or other secure authentication.

Backup and disaster recovery

The backup and disaster recovery is a key part of the security. Backups should be stored in at least two or three different locations. Not only must a backup system be protected but also files that have been backed up, so that you can restore them if necessary.

Security policies and procedures

The security policies and procedures should describe in detail how the organization’s information assets are protected. The policies and procedures should be documented, approved, and updated at least annually.

Physical security

Physical access to computer systems must be closely controlled. All doors must be locked, access cards and keys should be used, and all rooms should be well lit with sufficient natural light to see the information.

Electronic security

All computer systems and network services must have appropriate security measures. All users should use their own login names and passwords. Information security policies and procedures must be integrated into the organization’s overall risk management efforts, including those of human resources, physical security, business continuity planning, and disaster recovery.

Conclusion

The best computer security is achieved by adopting a layered approach to information security. Each layer provides a different set of controls to ensure that data can be accessed and used securely, but each layer has its own vulnerabilities.

It is important to recognize these vulnerabilities and apply the appropriate control measures as shared above. It is important to have a strong and sound security policy in place because it will help to protect all assets of the organization. A good security policy will help a dental practice to maintain a secure and reliable network environment.

Dentists should take the necessary precautions to protect their dental practices from cybercrime. This includes using strong passwords, updating software regularly, and training employees on best practices. By following the tips provided in this article, practitioners can help minimize their risk of a cyber breach and keep their patients’ data safe.

The information and viewpoints presented in the above news piece or article do not necessarily reflect the official stance or policy of Dental Resource Asia or the DRA Journal. While we strive to ensure the accuracy of our content, Dental Resource Asia (DRA) or DRA Journal cannot guarantee the constant correctness, comprehensiveness, or timeliness of all the information contained within this website or journal.

Please be aware that all product details, product specifications, and data on this website or journal may be modified without prior notice in order to enhance reliability, functionality, design, or for other reasons.

The content contributed by our bloggers or authors represents their personal opinions and is not intended to defame or discredit any religion, ethnic group, club, organisation, company, individual, or any entity or individual.

One thought on “Guide to improve dental practice cyber protection

Leave a Reply

Your email address will not be published. Required fields are marked *