Is your practice secure?

June 3, 2015

Your practice and the data you store is an enticing target for cybercriminals. Recent research indicates that your practice's patient health information (PHI) can be 10 to 20 times more valuable on the black market than credit card numbers.

Your practice and the data you store is an enticing target for cybercriminals. Recent research indicates that your practice's patient health information (PHI) can be 10 to 20 times more valuable on the black market than credit card numbers.1 Last fall following a cyberattack on a hospital group that resulted in millions of patient records being stolen, the FBI issued a flash alert warning that healthcare companies are being targeted by hackers.2 Obviously, dental practices are targets too. If you think data loss or cyberattacks can’t happen to you, you are burying your head in sand. It’s important for you to take steps now to protect your patient data and the future of your practice.

Understand the Risks

Most dentists employ some form of security to protect their practice from a data breach or loss. However, the safeguards often provide only one or two types of defense, which doesn’t allow for adequate protection from the variety of vulnerabilities facing your practice. Without a combination of proper security protections, you put your practice at risk in the following ways:

Financial penalties: violating HIPAA regulations can result in penalties ranging from hundreds to tens of thousands of dollars.

Patient loss: Harris Interactive conducted an online survey in August 2013 that showed 40 percent of participants would look for a new dentist if their personal information was stolen from their current dentist.3

Implement Multiple Security Solutions

Integrating a combination of security solutions provides robust protection for your practice. Below is a list of recommended security solutions you should use.

#1 Keep Your Hardware and Operating Systems Up-to-date. Using old or outdated hardware and operating systems in your practice exposes your data to cyberattacks. Last year, Microsoft stopped supporting Windows XP, and later this year it will stop supporting Windows Server 2003. This means that new patches, security fixes, and updates are either no longer available (for Windows XP) or will no longer be available after July 14, 2015 (for Windows Server 2003). Cyber attackers who find new vulnerabilities in these operating systems can exploit them because the new liabilities will be unknown and unfixable.

If you are still running Windows XP or Windows Server 2003 in your practice, now is the time to upgrade. New hardware and operating systems offer substantial security enhancements over older, outdated systems. Plus, upgrading enables new technologies that can increase your productivity and profits.

#2 Enable Data Backup. Make sure your data backup solution will encrypt the data, store the data both locally and off-site, restore the data, and perform regular tests to ensure that everything is functioning properly. Employing regular data backup can protect critical business applications by:

Minimizing down time: Allows you to quickly resume productivity if something goes wrong.

Creating a more efficient practice: Saves you time and hard drive space with smart incremental backup.

Protecting against data loss: Performs partial data recovery (PDR) or disaster data recovery (DDR) after disaster.

#3 Employ Data Encryption. One security expert said: “Data is like water- it leaks. It wants to go places and does not like being constrained or organized.”4 In other words, when it comes to disasters, the question isn’t if, but when they will occur. One way to protect against a data breach is to employ full disk encryption. When data is encrypted, access is restricted unless you have an encryption key.

The article “Multi-layered Security: The Best Defense,” published in the Winter 2014 issue of Dentrix Magazine, provides detailed information about the type of encryption that dental practices should use. You can read it online at: www.dentrix.com/training/dentrix-magazine

#4 Firewalls, Anti-virus, and Remote System Monitoring. The following solutions should also be part of your protected practice:

Internet Firewall Security: Provides secure access to the practice network and data from across the Internet. Effective firewalls can block malicious web software and filter inappropriate or offensive web content.

Anti-virus Software: Delivers real-time, continual protection for all of your computers.

Remote System Monitoring: Detects and reports hardware and software status, performance issues and vulnerabilities that could affect your practice.

Seek Advice on How to Protect Your Practice

If you are unsure about your next step for protecting your practice, ask an expert. Henry Schein TechCentral can perform a security assessment to identify areas in your practice that can be strengthened. TechCentral’s suite of solutions can help ensure that your practice remains protected and profitable. Later this year, TechCentral will be releasing a new cloud backup solution, as well as data encryption for new servers. Trust the tech experts to help evaluate your practice and recommend the right equipment to meet your needs. Contact TechCentral at 877-483- 0382, or visit us on the web at www.HSTechCentral.com/ProtectYourPractice.

 

1www.healthlawoffices.com/medical-records-worth-credit-cards-hackers/; www.cnbc.com/id/101708255#2www.reuters.com/article/2014/08/20/us-cybersecurity-healthcare-fbi-idUSKBN0GK24U201408203www.infolawgroup.com/2013/11/articles/information-security4securityintelligence.com/the-impact-of-a-data-breach-can-be-minimized-through-encryption/#.VLRYz3sQ7Xu