Tag: dental practice cybersecurity

5 Ways to Identify and Address Security Vulnerabilities


By Erik Eisen, CEO, CTI Technical Services.

A single breach impacting any of the multiple cloud-based or internally connected tools, devices, and hardware and software solutions found in the typical dental practice or dental services organization (DSO) can put a stop to thousands of dollars of billings per day.

Add to that the cost of recovery and potential fines related to compliance issues if any of those devices or solutions touches patient information, and the outcome can be financially devastating.

For some, it is insurmountable.

Complicating the security environment for dental organizations is that the myriad of connected and interconnected technologies makes it impossible for a one-size-fits-all solution to adequately protect every mission-critical piece of dental equipment or software. That is why an audit to identify and address security and cybersecurity vulnerabilities is a smart move for dental organizations of all sizes.

A uniquely vulnerable environment

Dental practices and DSOs are highly attractive targets for hackers and other nefarious cybersecurity actors. As a result, the industry has experienced a 45% increase in data breaches since 2022.

There are several reasons why dental organizations are being targeted. Topping the list is the highly lucrative patient data they hold, including personal, banking, and insurance information, as well as the practice’s own financial and other information. Also at play is a perceived lack of robust security systems and limited employee training in security.

Once underway, the average hack runs for 90 days, during which time hackers can plant malicious code, freely explore any accessible data, plan new ways to exploit stolen information, and identify inroads into connected systems outside the practice.

The threat level is high enough that in May 2024 the FBI warned the American Dental Association (ADA) and the American Association of Oral and Maxillofacial Surgeons (AAOMS) about a credible, active cybersecurity threat to oral and maxillofacial surgical practices and expressed concern that general dental practices could eventually be targeted.

In terms of weaknesses, DSOs and dental practices face five primary cybersecurity vulnerabilities: phishing, ransomware, social engineering, fake software updates, and business email compromise (BEC). Security-wise, physical security and access control are the biggest problem areas, while other threats come in the form of financial fraud, insider threats, and identity theft.

The consequences of a successful breach are financial and reputational devastation, recovery from which can take years. If patient records are compromised, dental organizations could potentially face heavy fines ranging from $100-$50,000 for each HIPAA violation—not to mention loss of patient trust.


Tips For Setting Up Phishing Simulations For a Dental Practice


By John Trest, chief learning officer, Inspired eLearning at VIPRE Security Group

Dental practices must beef up their teams’ awareness of spear-phishing attacks, which currently account for 91% of data breaches. Your team members must understand the threat landscape and know that hackers are trying to infiltrate the practice. Dental practices face many threats, and attacks and phishing attempts continually evolve and become more sophisticated.

As a dental practice leader, you can mitigate these attempts through a security and privacy awareness training program. eLearning is a good option here. Unlike in-classroom meetups, internet-based classes are delivered on demand and as needed. Using online platforms also expands your training and reinforcement options, such as threat simulations. Third-party phishing simulations, for example, provide various scenarios that mimic real-world attacks and attempts. Doing so matters because research shows that businesses that set up simulated phishing attempts once a month have 27% fewer employees falling victim to such attacks.

In any care setting, those numbers are too high. Because dental practices have valuable patient information in their systems, they are ripe for an attack. That said, let me provide some best practices you need to know to get the most out of your security awareness and HIPAA training.

What to Consider When Preparing

You may have options depending on your simulation solution. In addition to email phishing, consider sending SmiShes (phishing to employees via text messaging). Or try voicemail phishing, known as Vishing.

Then, there is USB Baiting, done by seeding bogus, infected USB drives around the workspace or parking lot that can communicate back if plugged into a computer. Employing optional simulations reduces a practice’s susceptibility to phishing attacks. In addition, it allows you to change training techniques to give employees a more comprehensive range of threats they should look out for.
