Put plans in place now to avoid the pain of a patient data breach
It sounded like a scene from an espionage action movie, but it was 100% real. Hackers cracked into the network of a CWA client with a large dental practice, locked everyone out of the practice data and demanded a ransom to restore access.
“It was a larger practice with five locations and more than 150 employees,” said CWA Partner Toni Lee. “The client had to change the entire email system, and was forced to negotiate with cyber criminals. It was unreal.”
According to an IBM security survey, health care was the most intensely targeted industry for cyber crooks in 2015, with more than 100 million records hacked. Like most businesses, dental practices are focused on servicing and growing customers, but patient data security takes information technology expertise.
Many smaller practices do not have full-time IT support on site, and this can lead to vulnerabilities that make them easy targets for hackers. Through monitoring dental and financial industry news and trends, Lee said she sees a new type of threat at least once a quarter. Protecting patient information has never been more important.
Back up your practice data. Regularly.
One best practice for business data that you do not want to skip: regularly scheduled backups.
“It sounds so basic, but it can be a huge area of concern,” Lee says. “Proper backup of your practice data systems is a must.” If your system is hacked, or if it goes down, efficient recovery of data is crucial to keeping your business operating.
Additional steps you can take
Luckily, smaller practices do not need email accounts for staff, which eliminates a common way hackers get into networks: enticing someone to click. But it’s good to follow these information security best practices:
– Put security protections on internet access for office desktops, so it’s less likely that staff will inadvertently click on a virus or scam
– If practice staff are using Wi-Fi, make sure the connection is password protected, for staff use only
– If offering Wi-Fi for customers make sure it is separate from Wi-Fi staff uses, and make sure customers understand it is not a secure connection
– Manage access to passwords, and change them regularly
– Discourage staff from shopping online at work; viruses and malware are easily spread via shopping sites and shopping emails
Data security resources to note
Governmental agencies and large business also have felt the sting of cybercrimes. Here are some helpful resources for practice owners to improve data and network security.
– The Federal Communications Commission small business cyber security initiative
– 10 Tips for Cyber Security downloadable PDF
– Forbes cyber security best practices for small-to-medium-size businesses
As part of a yearly to-do list for your practice, Lee recommends reviewing with your team how your practice data is managed and stored. Look at the entire flow of data, from initial entry to storage/archiving or deletion. Being proactive in updating your data security measures now could save you a lot of heartache later.