The latest news on cyber security is the cyber attack on LifeLabs, one of the largest private providers of health diagnostic testing. In this attack, hackers may have accessed 15M customers’ personal data, including addresses, passwords, birthdays, health card numbers and lab results. Although LifeLabs paid the ransom to secure the data, it still isn’t guaranteed that a copy of the data wasn’t made by the hacker.
Unfortunately, LifeLabs isn’t the only company struggling with cyber attacks. Almost 90% of Canadian businesses reported having a data breach in the 12 months prior to October 2019, and the volume of attacks is only increasing. Each cyber attack can cost small businesses an average of $54,000 to remedy the crisis, which can be enough to put some of them out of business. Businesses that survive suffer a great loss in reputation and could face lawsuits.
With so many businesses falling victim to cyber attacks, this is a wake-up call to tighten their data security. This is especially important for health care providers, such as dentists, to comply with PHIPA (Personal Health Information Protection Act, 2004) and safeguard their patient data.
Increasing Cyber Security at the Dental Office
The increase in cyber attack volume over the years means dental offices can no longer rely on basic security measures, like free anti-virus software. When a dental office neglects to keep their cyber security up to par, their computer network becomes vulnerable to cyber attacks.
To step up your cyber security, here are some things we suggest you do:
Keep Computer Systems Updated
Keeping your systems updated is the best way to keep your network secure. Without security updates or fixes, the system is vulnerable to new threats (viruses and malware) and gives hackers easy access to your network.
Microsoft recently announced that they will be ending support for Windows 7 as of January 14, 2020. This means technical support, software updates, and security updates or fixes will no longer be provided.
If you’re still running Windows 7, the best way to protect your patient data is to upgrade your systems to the latest operating system (Windows 10). This will allow you to receive all the updates so that you can keep your systems secure.
Encrypted Digital or Electronic Records and Backup
The Royal College of Dental Surgeons of Ontario’s guide to compliance with PHIPA urges dental offices to encrypt their electronic or digital records as a technical safeguard. Using software like Paradigm Clinical, which is equipped with a security manager and a fully encrypted database, allows you to protect your electronic records of personal health information and control who has access to them.
Regularly backing up your patient data (i.e. using a cloud-based solution) will save you a lot of stress and money when you need to recover it after a system failure or cyber attack. However, you should take it a step further and encrypt your backup as well, as this prevents hackers from accessing the backup without the correct key. Keep an extra copy of your encrypted backup off-site so that you’ll always be able to recover any lost data.
Hackers can use ransomware to lock you out of your computer system and demand payment before decrypting your files. However, as with LifeLabs, paying doesn’t guarantee that copies of the data weren’t made.
To avoid this event altogether, dental offices need to invest in anti-ransomware software to continually monitor their systems. Good software should:
- Be effective at protecting your system from real-world ransomware
- Quarantine any ransomware detected
- Reverse the ransomware’s encryption of your files
Enterprise Level Firewall
A firewall monitors and controls the incoming and outgoing traffic on your network, and is an added layer of security against cyber attacks. You can even block your computers from accessing certain websites and stop untrusted network traffic from reaching them.
An enterprise-level firewall can form a strong barrier between your internal network and any untrusted external networks. With that said, your dental office should invest in one to further protect your computers and patient data from cyberattacks.
Cyber Security Awareness Training
Employee education is the core of effective cyber security, yet only a small percentage get adequate training. If your dental clinic doesn’t already have security training policies in place, now is the time to put them in place. Even a one-hour session can greatly improve your staff’s ability to recognize potential breaches and stop any attacks from happening. Your training module should:
- Educate employees on the importance of data security
- Train employees on cybersafety like recognizing phishing attempts
- Teach employees your protocol for internet usage and how to handle patient data
Expect Data Crisis
The possibility of system failures is often overlooked, but hardware and software do break down over time. Schedule a system replacement every 3 to 5 years so that your office is up to date with the latest operating systems and security fixes. When the time comes, have your technician come in after hours to do the necessary backup and updates.
With the rising number of data breaches and costly consequences of cyber attacks, dental offices need to be on their best defence. Start with making sure your systems are up-to-date with the latest security fixes to eliminate vulnerabilities in your network. While anti-malware software, firewalls and well-informed staff are your first line of defence, you should also align with PHIPA by encrypting your data and backups to prevent any unauthorized access that slips through. Hackers are becoming craftier by the day, but having these digital safeguards in place can keep your office and patient data secure.
If you have any questions on how to upgrade your systems to enhance your data security, we can help! Contact us at (905) 946-1477 or email@example.com and we’ll be happy to go over different options with you.