This article was published in DentistryIQ on April 23, 2020.
Millions of people are afraid of the dentist office. This leads to everything from mild anxiety before appointments to complete avoidance. Fortunately, advances in technology are improving the patient experience and easing fears. What most people don’t realize however, is that these same advances in technology make the dentist office more vulnerable to cyber-attacks. Without advances in security, we could end up trading one fear for another. Instead of worrying about drills and needles, people will worry about having their identity stolen.
Value of advanced technology
Advances in technology minimize discomfort, enable faster recovery, and shorten the treatment process. For example, laser dentistry can prevent the need for traditional drills and anesthesia and lower the risk of infection. Intraoral scanning is more comfortable and more accurate than dental impressions. Dentists can use 3D printing to create aligners, crowns, and other devices more quickly and deliver faster results. These, and other devices, are making dentist offices run more efficiently with more focus on the patient experience.
These advances are important for patients. The American Dental Association reports that more than one in five adults have not seen a dentist in several years. Further, according to a 2012 study published by the ADA, emergency room dental visits doubled nationwide from 2000 to 2010, rising from 1.1 million to 2.1 million. Advances that result in more people going to the dentist office for preventative care reduce overall costs and improve patient health.
Cyber-risk associated with advanced technology
Cybercriminals, however, are not afraid of the dentist office. A recent attack on a Colorado IT company resulted in hundreds of dentist offices infected with ransomware, preventing them from accessing patient data and systems. This is part of an increasing rate of attacks on healthcare providers. The reason is patient data. Patient data contains social security, payment and other valuable information that can be sold on the dark web for over $400 per patient record. Dentists have a treasure of data locked in their network.
The same devices that deliver improvements in patient care also deliver cybercriminals the keys to unlock the network and steal the treasure. The figures illustrate the challenge. All of these devices are connected to the network and therefore provide gateways into the network if hacked. So how hard is that?
Unfortunately, hacking into these devices isn’t hard at all. Most of these devices are not designed for security and few dental offices make security a priority when it comes to buying and maintaining them. In our work with dentist offices, two out of three devices had known vulnerabilities that could be exploited; each providing an easy opening into the network.
The risk to dentists and their patients cannot be understated. The cost of a data breach in healthcare averages around $400 per compromised patient record. This means that the cost to clean up a data breach can easily reach millions of dollars and forces most small providers to close. For patients, it brings the stress, anxiety and potential costs of being a victim of identity theft.
Recommended solution
While cybersecurity is a topic that many may find intimidating, there are simple steps that can be taken to protect dental offices and patients:
Insurance: They should consider an appropriate level of cyber insurance and understand what’s covered. For example, many policies do not cover nation-state cyber-attacks or attacks by state-sponsored groups. Also, many policies provide incentives including some cost share to help implement good cybersecurity practices.
Understand risk first: They shouldn’t start by buying a technical solution or service. Often, they are bad investments because they are not addressing the biggest risks. Worse yet, it may create a false sense of security. While technical tools are important, they should know that 95% of cyber-breaches are human-enabled and 60% are insider led. Hence, a holistic understanding of their risk inclusive of people, process, policy, and technical considerations is essential. Typically, external IT providers lack sufficient understanding of individual dental office’s operation to offer robust and holistic solution. Performing this holistic risk assessment once or twice a year will ensure that they are focused on the right solutions for the biggest risks.
Manage risk proactively: They should remediate/mitigate vulnerabilities cost-effectively and proactively. Preventive measures offer better payoffs than detecting or responding to an attack. This may include basic cybersecurity awareness and training for the staff, process and policy updates, and good cyber-hygiene practices like strong passwords and multi-factor authentications. This is a point when a technology partner or IT provider can be brought in to offer a solution that can effectively be resolved by technology.
For most people, the biggest challenge is knowing how to approach this emerging cybersecurity threat. To ensure good governance of a cybersecurity program, dentists and their administrators need enough knowledge to ensure advice provided to them is sound, methods and tools offered by vendors are appropriate and good ROI is achieved for their efforts.
ResiliEYE is an easy-to-use platform that dentists can use to manage their cybersecurity related risks holistically with an ROI mindset. Using the platform, they can uncover all cyber related risks in their offices and decide which ones are to be addressed with what solutions. They can also request to receive a free guide on how to cost effectively address cybersecurity by e-mailing at info@ResiliAnt.co.