In early May, the FBI warned the ADA and the American Association of Oral and Maxillofacial Surgeons (AAOMS) of a credible threat against dentists. In particular, there was an acknowledgment of cybersecurity threats targeting oral and maxillofacial surgeons.
The FBI suspects that a group behind cyberattacks against plastic surgeons last year has shifted its focus to dental surgeons. The threat actors' main targeting tactics include phishing, vishing, and smishing.
Phishing is an attack sent through email, vishing is a phone scam, and smishing is perpetrated through text messages. These attacks aim to gain access to sensitive information, such as patient-protected health information (PHI), to commit financial fraud or identity theft.
One example cited by the FBI is a cybercriminal who pretends to be a new patient and contacts a practice. In this situation, the offender calls the practice saying they could not submit the patient form online and requests if they can email it instead. When the email is opened and the attachment is accessed, malware is deployed. While the FBI specifically mentions a threat to dental surgeons, they recommend that all dentists remain vigilant.
How dental practices can protect themselves from a cyberattack
Most cyberattacks result from human error and can be prevented if you and your team are well-informed and your practice implements data security measures. The U.S. Cybersecurity and Infrastructure Security Agency recommends adopting the following practices:
- Train employees to recognize phishing incidents.
- Have policies in place that enforce the use of strong passwords.
- Implement multifactor authentication.
- Keep software applications updated.
Dental practices should also ensure that they meet HIPAA requirements for protecting the confidentiality, integrity, and availability of PHI. By conducting an annual HIPAA security risk assessment, practices can identify weaknesses in their data security practices. Once identified, vulnerabilities should be addressed with corrective actions.
Editor's note: DrBicuspid has a free webinar titled "Building Cyber Risk Resilience: Understanding the Clear & Present Danger." Participants can receive one hour of continuing education credit from the Academy of General Dentistry's Program Approval for Continuing Education.
The comments and observations expressed herein do not necessarily reflect the opinions of DrBicuspid.com, nor should they be construed as an endorsement or admonishment of any particular idea, vendor, or organization.