Employee training, multifactor authentication and strong firewall software are three steps dental practices and DSOs can take to better protect themselves from cyber attacks and data breaches.
Six industry leaders recently connected with Becker's to share some of their best methods to defend against attacks.
Note: Responses were lightly edited for clarity and length.
Question: How can dental practices/companies effectively prevent cyber threats and/or handle them when they do happen?
Dev Ashish. Chief Technology Officer of ClearChoice Management Services (Greenwood Village, Colo.): A comprehensive data security program is a must in today's day and age. That said, if the organization hasn't started one yet, not all is lost. First, the commitment for this starts at the top with leadership and the board. It's too easy to not think of security, but that would be like telling the patient in the dental chair to not think about dental hygiene. Start with building the list of risks and understanding the surface area of each risk vector. Then, based on the likelihood of exploitation, start putting in solutions. Security has to be layered, and it's not one product or service that is the ultimate answer. It is everyone's job, and the people in the organization have to be the final firewall. Some of the specific things to think about include: regularly updating software and firewalls, multifactor authentication, employee training, encryption of sensitive data and staying informed on the latest threats and vulnerabilities. By being proactive and implementing appropriate safeguards, dental companies can significantly improve their cybersecurity posture and protect themselves and their patients from these ever-evolving threats. That said, almost nobody is completely immune to cyberattacks today. It would behoove the organization to build a cross-departmental incident response plan and practice it on a regular basis.
David Chei, DMD. CEO of Care 1st Dental Management (Carrollton, Texas): I think employee training is critical in order to prevent any type of cybersecurity threats. I think my office was hacked by a ransomware virus when one of my employees downloaded a file that she should not have. Also having firewall protection is definitely a must as well.
Dan Mirsky. Senior Vice President and CIO of Sage Dental (Boca Raton, Fla.): Without going into too much detail on which platforms and tools we specifically use to defend against these attacks, I do have to say that end user awareness training and proactive communications are the most effective tools we use in educating our team members on this issue. I also promote open communication to my service desk and security team members anytime an employee receives a strange email or text message so that we can then proactively defend against it using our tools or communications to the teams that we are experiencing an uptick in these fraud campaigns.
Dion Perkins. Vice President of IT of Mortenson Dental Partners (Louisville, Ky.): There are a few things companies and practices can do. 1) Educate yourself on the basics. 2) Data identification: knowing where your data is, what is the classification of your data and make sure it is properly protected. 3) Education of your team: You need to evolve your teams to be a bit paranoid. Everyone has to be involved in protecting patient data. 4) Backups, backups, backups and then recovery. It isn't a matter of if you get hacked but when should be your mindset, so how you recover becomes very important. 5) Set priorities and reasonable goals based on data identification. 6) Improve your cybersecurity networking by attending a seminar or conference, reaching out to your local FBI cybersecurity office or looking for local partners that can help you on your journey.
Steven Price. President and CEO of Tech Rockstars (Monrovia, Calif.): To effectively fortify their defenses, dental practices can partner with a managed service provider or managed security service provider that specializes in the dental industry. Regular training of staff is another cornerstone of a strong cybersecurity strategy, ensuring that every team member understands their role in protecting patient data. This training, combined with a culture that values security as a core aspect of patient care, transforms staff into proactive guardians of the practice's digital health. The onboarding of new practices should include comprehensive cybersecurity audits to identify any existing security gaps and develop strategies for swift remediation. As cyber threats evolve, so too should the practice's defenses. This means staying informed about emerging threats, embracing continuous learning and integrating advanced technologies. Encrypted communications, secure cloud storage, and sophisticated threat detection systems are just some of the tools that can provide robust protection. Investing in cybersecurity is a strategic move that ensures the integrity and resilience of a dental practice.
Daniel Romary. Chief Information and Analytics Officer of North American Dental Group (Pittsburgh): There are several ways that dental companies can work to prevent these types of attacks, including ongoing cyber and HIPAA risk assessments and penetration testing to identify vulnerabilities, mock phishing campaigns and socialization of results to raise awareness, ongoing systems access audits and updates, network and system monitoring for unusual activities, and implementing multifactor authentication.