Hacks and breaches are one of the biggest concerns regarding healthcare records. They are extremely attractive to threat actors since they contain PHI. While most of the headlines in healthcare IT news talk about hospitals and payors experiencing security incidents, dental records incur the same risk. They include the same data that can end up for sale on the dark web.
The question for every practice to ask is, “Are my dental records secure?”
Cyber Attack Exposes Over One Million Dental Patient Records
In 2020, Dental Care Alliance, a dental support business with 320 affiliates, announced it was the victim of an attack. The breach lasted for almost a month before detection, compromising over one million records. It was the second-largest breach of 2020.
Such a hack isn’t uncommon or unexpected. Last year, the healthcare industry saw spikes in cyber-attacks, with the pandemic being a factor.
The Complexities of Healthcare Cybersecurity and Risks
Cybersecurity in healthcare continues to be more complex as hackers become more sophisticated. However, the industry has some internal challenges to work out around data security and protection. Certain practices can increase risk, of which you may not be aware. Those include:
- Keeping legacy systems running that are no longer supported.
- Failing to update patches on software platforms in a timely manner.
- Lack of employee training around cybersecurity.
- Inability to create standard protocols around data sharing or interoperability.
- Not backing up patient files to ensure redundancy and business continuity.
The Impact of a Cyber-Attack on a Dental Practice
If your practice was the victim of an attack, what would be the consequences? First, you could face fines or other reprimands for HIPAA non-compliance. If the breach wasn’t related to your reasonable care of the data, there are still other impacts, including:
- Loss of data, including deletion or encryption in a ransomware attack.
- Reputational harm, as you’ll have to notify patients.
- Financial costs, including paying for credit monitoring for patients, lost productivity, patients leaving, and audits.
Dealing with all these things can be a nightmare, so the best way to avoid them is to be as proactive as possible about data security.
Steps to Avoid Risk
Your network, applications, and databases should adhere to all cybersecurity and HIPAA best practices. That includes things like firewalls, monitoring, penetration testing, and employee training on things like phishing.
Beyond these tenets, there are some additional data management areas to consider.
Maintaining a legacy system is dangerous when it’s no longer supported. It could be an easy entrance into your network for hackers. Decommission legacy systems and archive those dental records in a web-based, secure platform.
The data your archive and that within current applications need a backup. For your archive, make sure you choose a partner that includes a redundant backup.
Do internal systems need to share certain information? If any of it is PHI, then it requires special care. This activity may be too complex for your IT team or MSP (managed service provider). Data sharing can be simple, but protocols and experienced professionals are imperative.
Keep Your Dental Records Secure
If you’re looking for support for data archiving, backup, or sharing, we can help. We’re experts in moving data for healthcare. Contact us today to learn more.