Shoring up dental organizations' security vulnerabilities

Erik Eisen
Dec 17, 2024

Depending on its size, a dental practice or dental service organization (DSO) could have millions of dollars invested into tools, devices, hardware, and software that are connected to each other, the cloud, or other systems. When one is breached, it can put a halt to thousands of dollars of billings per day, not to mention the cost of recovering from a breach. Compliance issues also come into play for any of those devices or software solutions that gather, store, or exchange patient information.

Erik EisenErik Eisen.

It's why a one-size-fits-all security solution can rarely protect every mission-critical piece of dental equipment or software and why an audit to identify and address security and cybersecurity vulnerabilities is a smart move for dental organizations of all sizes.

The vulnerability landscape

Dental practices and other associated businesses in the dental space are top targets for hackers and other nefarious cybersecurity actors, resulting in a 45% increase in data breaches since 2022. There are several reasons for this, most notably that the patient data they hold is lucrative, including personal, banking, and insurance information, as well as the practice's own financial and other information. A perceived lack of robust security systems and limited employee training in security also makes many practices attractive targets for hackers.

Once underway, the average hack runs for 90 days. During that time, hackers are not only able to plant malicious code, but they can freely explore accessible data and plan new ways to exploit it, as well as determine inroads into connected systems outside the practice. The threat level is severe enough that the FBI issued a notice in May 2024 to the ADA and American Association of Oral and Maxillofacial Surgeons warning of a credible, active cybersecurity threat to oral and maxillofacial surgical practices and expressing concern that general dentists and oral healthcare specialists could be targeted.

On the cybersecurity front, dental practices and DSOs face five primary vulnerabilities: phishing, ransomware, social engineering, fake software updates, and business email compromise. On the security front, physical security and access control are the biggest areas of vulnerability, while other threats come in the form of financial fraud, insider threats, and identity theft.

The consequences of a successful breach are potentially devastating, both financially and reputationally, and recovery can take years. Additionally, compromised patient records can be HIPAA violations, exposing the practice to heavy fines ranging from $100 to $50,000 per violation and the loss of patient trust.

Assessing your practice's vulnerabilities

While the best way for a dental practice or DSO to assess its vulnerabilities is to call in a cybersecurity professional, it is possible to self-audit by assessing the following five key areas of the business:

  1. Staff training: Is your team trained in cybersecurity best practices, including how to recognize phishing attempts, the need for strong passwords, etc., and is this training updated regularly?

  2. Security safeguards: Do you have security measures in place that minimize human errors (e.g., email filters, browsing restrictions, multifactor authentication, etc.), particularly around patient information access? Are they kept current?

  3. Software patches and updates: Are procedures in place for updating software and systems with the latest patches and updates to protect against vulnerabilities? Are they followed?

  4. Vendor security profiles: Do vendors, partners, or any other entity that may access the practice's systems have proper cybersecurity and security protocols to prevent a breach on their end from impacting the practice?

  5. Business continuity: Is there a business recovery and continuity plan in place to get operations back up and running in the wake of a breach? Is it regularly reviewed and updated as needed? Are staff aware of the plan and trained in its deployment?

The answers to these questions will provide a fairly clear picture of any areas of weakness in a practice's or DSO's security framework and help determine the next steps and whether they can be taken internally or if seeking outside expertise is the better option.

Taking action

Once areas of vulnerabilities have been identified, take action to harden them against cyber and security threats to mitigate risks and ensure the organization is prepared if the worst-case scenario comes to fruition.

One of the first steps should be getting staff members up to speed on security training and ensuring they are adhering to best practices. From there, you want to follow these steps:

  1. Schedule regular backups of and encrypt all critical data, which should ideally be stored offsite in a HIPAA-compliant facility. Perform tests to ensure these systems and data can be restored quickly when needed.

  2. Schedule regular checks for software and device updates.

  3. Implement or enhance email, online, and other security measures.

If one does not already exist, put in place an incident response plan outlining the steps to take should a breach occur, including how to contain it, assess its impact, and notify affected parties. Be sure the plan encompasses all HIPAA and other compliance requirements. Business continuity should be included in the incident response plan, or a separate plan should be created.

Finally, consider partnering with an information technology (IT) management firm that provides cybersecurity services to maintain software and devices. Look for a provider with specific experience in dental IT and cybersecurity that offers at minimum proactive monitoring, regular security assessments, and staff training and that has a deep understanding of HIPAA and other compliance requirements. During the evaluation process, ask prospective companies about their response times and disaster recovery capabilities and obtain -- and check -- references.

Be prepared

The harsh reality is that it is only a matter of time before a dental practice or DSO is hit by a breach of some kind. The information they hold is simply too valuable a target for hackers to resist. By limiting potential technological loopholes and establishing security and recovery protocols, the fallout can be minimized and the practice can continue providing quality patient care with minimal disruption.

Erik Eisen is the CEO of CTI Technical Services, a leading provider of IT support and cybersecurity services in the dental space.

The comments and observations expressed herein do not necessarily reflect the opinions of DrBicuspid.com, nor should they be construed as an endorsement or admonishment of any particular idea, vendor, or organization.

Latest in Practice Trends
Young Dentist Man
What to expect from dentistry in the next 5 years
December 5, 2024
Candid Conversations
Sponsored
Candid Conversations
December 2, 2024
Eric Shirley.
What this dental executive is watching heading into 2025
November 18, 2024
Handshake Business Partners Peopleimagescom
Dental duets: Despite what you may have read, dentistry is a smart investment
November 7, 2024
Related Stories
400x300 (2)
Webinars
Navigating the Confusing World of Cybersecurity
Cybersecurity Locks
Legal Issues
74K affected by dental practice data breach
Usman Choudhary
Practice Trends
The current state of dental cybersecurity: At risk
Candid Conversations
Sponsor Content
Candid Conversations
More in Practice Trends
What to expect from dentistry in the next 5 years
By Melissa Busch
The U.S. is amid a generational transition that may bring major changes to dentistry, according to a perspective in the Journal of the American Dental Association.
December 5, 2024
Young Dentist Man
DSO leaders dish on their must-have technologies for 2025
By Beth Gaddis
Practice owners and dental service organization executives are budgeting for 2025 and allocating where they will invest their dollars. These are their priorities.
November 20, 2024
Dental Tech Modern Office
What this dental executive is watching heading into 2025
By Kevin Henry
Recorded at the recent Dental Trade Alliance annual meeting in Napa, CA, we spoke with Eric Shirley of Keystone Industries about what he's hearing and what's to come in dentistry.
November 18, 2024
Eric Shirley.
Dental duets: Despite what you may have read, dentistry is a smart investment
By Dr. Shervin Molayem, Michael Ventriello
The latest advances in dental technology offer exciting investment opportunities for individual investors, venture capital firms, and private equity groups, writes Michael Ventriello and Dr. Shervin Molayem.
November 7, 2024
Handshake Business Partners Peopleimagescom
2025 trending technologies in dentistry, Part 1: Personalized dental treatment planning, more
By Estela Vargas
Pivotal trends are redefining the patient experience, many of which are available now. Estela Vargas, CRDH, reviews some of these trends.
October 17, 2024
Vargas Estela 400
How much money will you make as a U.S. dentist? It's complicated.
By Melissa Busch
Multiple factors and their complicated interplay make determining the expected wages for dentists working in the U.S. difficult.
October 7, 2024
Dentistry Dollar Bills
5 strategies for dental procurement to increase efficiency and savings
By Beth Gaddis
Procurement is a hot topic at conferences this year as leaders try to streamline costs without sacrificing quality of care. With that, Beth Gaddis talked to dental leaders for their insights and tips on the subject.
October 1, 2024
Financials Calculator
Where U.S. patients spend the most for dental exams
By Melissa Busch
The U.S. states with the most expensive and affordable dental exams were recently ranked.
September 24, 2024
Dentist Hygienist Tools
Lessons from the past: How dental practices survived the Great Recession
By Jordon Comstock
By examining how this economic downturn affected consumer behavior and the demand for dental services, we can prepare potential strategies for future economic challenges, writes Jordon Comstock.
September 20, 2024
Jordon Comstock.
How dentistry's practice models continue to evolve
By Melissa Busch
Dentistry's practice models continue to change, according to new data from the ADA Health Policy Institute.
September 5, 2024
Dentist Man Smiling
What the lack of an oral medicine workforce in the U.S. means
By Ava Barros
The lack of oral medicine diplomates leaves much of the U.S. population without access to care in their states, according to research published in Oral Surgery, Oral Medicine, Oral Pathology and Oral Radiology.
August 28, 2024
Dental Chair
Private equity's growing stake in dentistry may stun you
By Melissa Busch
Private equity transactions have heated up in recent years, and these companies' current stake in the industry may be eye-opening.
August 19, 2024
Dentistry Dollar Bills
Page 1 of 27
Next Page