
Steps to take after a ransomware attack

March 20, 2023
Dental practices that are victims of a ransomware attack suffer a significant loss of business continuity, revenue, and patient trust that can be devastating. Here’s what you need to know about protecting your practice and patients.

As cyberattacks against businesses of all sizes across the US continue to rise, hackers are eager to target dental practices and gain access to the wealth of information stored on their networks. According to the US Department of Health and Human Services website, there have been 4,000 ransomware attacks daily since early 2016.[1]

Ransomware is a type of malicious software that denies access to a user’s data until a ransom is paid, usually by encrypting the data with a key known only to the hacker who deployed the malware.

Why do hackers target dental practices? Cybercriminals single out dental records due to the wealth of critical data they contain, such as patient names, addresses, dates of birth, Social Security numbers, health history forms, and family member information, in addition to scans of driver’s licenses, insurance cards, 2D and 3D images, lab reports, and more. To hackers, this information is a treasure trove of data and more than enough to encourage identity theft. Hackers often sell this information on the dark web. They are very familiar with HIPAA laws and leverage them to extort dental practices into paying the ransom to prevent the release of stolen patient records to outsiders. Even if your practice has a viable backup, from our experiences in dealing with clients victimized by a cyberattack, there is approximately a 75% chance that your patient records were stolen as part of the cyberattack. If you don’t pay the ransom, the hackers will publish and sell your data on the dark web.

The scope of a ransomware attack

The owners or managers of a dental practice often do not fully understand the major operational, financial, emotional, and reputational impacts of a cyberattack. Practice owners often have a false sense of security with outdated protections such as firewalls, may not consider more serious potential threats, or may rely solely on an IT company for cyberprotection. Unfortunately, as cyberattacks become more sophisticated, these protective measures (including use of IT companies) cannot provide the advanced security required to properly protect dental offices from today’s hackers.

In the majority of cases we’ve worked on, the threat actor has stolen most or all of the practice’s data and either threatened to release or has released the data. Cybersecurity is not just about recovery; it’s about protecting highly confidential practice and patient data and preventing it from being accessible.

Dental professionals need to consider if their practices can afford to close their doors for two to three weeks while a cyberattack is investigated and data is recovered, as well as whether they have enough financial, reputational, and operational stability to survive once they reopen after a cybercatastrophe.

We recommend that all practices provide their dental staff members appropriate training so they know how to identify potential email-based threats and take immediate action should a hacker attempt to access the critical data stored within the practice’s network.

Steps to take after a ransomware attack

Once you recognize that your practice could be the victim of a data breach, you’ll want to take immediate steps to ensure data and overall network safety are not further compromised.

First, the practice should immediately stop using the office computers and contact a professional cybersecurity firm to analyze the attack. When selecting a firm, choose one that has significant experience working in dental/health-care cybersecurity, especially with practices of similar sizes. The firm should provide a detailed analysis on what has been affected and the steps to take next. It is critical to determine to what extent data has been accessed or stolen. Simultaneously, retain a law firm with a dedicated cybersecurity practice.

Additional steps a dental practice can take:

  • Unplug all modems and routers that give internet access to the network’s devices. Disconnecting from the internet entirely is paramount. However, be sure not to turn off computers that are currently on; powering them down can destroy evidence held in memory that investigators may need.
  • Identify and secure all backups of critical data (including those on external hard drives or kept in the cloud). Disconnect external hard drives from devices/the internet and move them to a secure location, away from the other devices.
  • Remind dentists and staff members of confidentiality guidelines surrounding the breach and provide them with direction if they are directly contacted by the hackers.

What is the role of a cybersecurity firm?

Once a practice has selected a cybersecurity firm to work with following a ransomware attack, practice management should expect to receive updates on the extent of the breach, including which systems/devices were impacted as well as where the cyberattack originated. Cybersecurity analysts often find that hackers accessed the system through a vulnerability such as an employee unknowingly clicking on a phishing email link disguised as a legitimate website. All systems will be analyzed to try to determine the vulnerabilities in the network that allowed the hackers to breach and gain access to data.

The cybersecurity experts will continue to analyze the impact of a ransomware attack until it is resolved. They should also explain best practices and next steps to further secure the practice’s network and protect it against future cyberattacks.

Independent, third-party cybersecurity firms, not IT companies, will perform these tasks:

  • Network hardening to avoid repeat attacks
  • Daily testing of all dental office computers and firewalls
  • Deployment of artificial intelligence-based antivirus platforms known as XDR (extended detection and response)
  • Penetration testing and identification of high risks
  • Autonomous vulnerability remediation
  • Formalized cybersecurity training program implementation

Long-term effects of a ransomware attack

Dental practices that are victims of a ransomware attack suffer a significant loss of business continuity, revenue, and patient trust that can be devastating. It can also take an extended time to bring back all systems to prebreach operational functionality and overall patient care standards following a ransomware attack.

Practice managers and owners should be proactive in engaging in cybersecurity awareness training and assessments to minimize the chances of repeat attacks. They should also work with their existing IT resources and cybersecurity firm to implement strong, current vulnerability management and testing, along with an independent cybersecurity audit, to ensure the highest level of security.

Editor's note: This article appeared in the March 2023 print edition of Dental Economics magazine. Dentists in North America are eligible for a complimentary print subscription.

Reference

  1. Fact sheet: ransomware and HIPAA. Office for Civil Rights. U.S. Department of Health and Human Services. Updated September 20, 2021. https://www.hhs.gov/hipaa/for-professionals/security/guidance/cybersecurity/ransomware-fact-sheet/index.html
