Protecting your network, your practice, and your patient data requires regular assessments to identify unsecured ports and other potential security risks.
Let's face it, many dental offices prefer to live by the old adage, “If it ain’t broke, don’t fix it.” Most of us are lucky if we get to even a majority of the items on our to-do list. We’ve evolved into a society of digital firefighters who run from one emergency to the next while also trying to get more work done with fewer resources.
When it comes to setting up and managing an IT network, even the most diligent practices with competent internal and external technical resources (and, unless you’re a large group practice or DSO, it’s all external) struggle to keep up. Most of our IT time is spent responding to client issues, patching systems, monitoring the backups... you know, the daily tasks required to keep a modern dental practice running and all of its data available.
In many situations, there’s a lot that can be “broken” sitting under the hood. The reality is we rarely look there because nobody is complaining about their system. Yet around 90 percent of the networks we analyze for our HIPAA risk assessments have a potentially serious problem sitting undetected, just waiting to create a data disaster.
Many software systems require you to open ports from the firewall/router to the internet, which is neither safe nor a best practice. Former employees and others, such as previous IT companies with remote access credentials, may still have access to your network without your knowledge. When you replace a laptop or workstation, what are you doing with the older system? If it’s lying around and is ever stolen, it can most likely still connect to the network with ease.
Many PMS programs recommend giving all employees administrator-level access to the data, basically giving everyone in your office unfettered access to private data. And the list goes on.
What’s sad is that in most cases, these network “landmines” waiting to explode can easily be discovered and “disarmed.” You don’t need to be a rocket scientist, it doesn’t require major expenditures, and it doesn’t require a lot of time. In essence, you just need to find the right software tool and a qualified technician who can run the scan, analyze the results, and develop a treatment plan on how to resolve the issues.
In my opinion, the cost-benefit of running periodic network scans is a no-brainer. No matter how busy your practice, you really can’t afford NOT to take a few hours a couple of times per year to scan and analyze your network for those hidden configuration settings and security holes that are easy to fix and could prevent some major headaches.
Even if your network is small by most standards (server and 5-10 workstations, for example), you should consider at least an annual scan. And if your network is larger, then consider doing it more frequently, say, every 3-4 months. This is the minimum I would recommend, as it’s a worthwhile insurance policy to protect your IT assets and your practice. And, oh, did I mention that HIPAA requires you to do this?
If you haven’t done a formal risk assessment or can’t remember the last time you did, reach out to your IT provider, or feel free to contact me if you’d like to discuss how I can help.