GAGD EXPLORER • SPRING 2015
Dental offices are now being hit with Ransomware (cyber blackmail). If you own or work in a dental practice, you need to know what Ransomware is, and the ramifications of this serious security breach.
Ransomware Trojans are a type of cyberware that is designed to extort money from a dental office. Often, Ransomware will demanda “ransom” payment in order to release the hijacked dental office software.
The hijacking of dental office software can include:
- Encrypting data and software that is used by a dental practice (Eagle Soft or Dentrix) – so that the dental office can no longer have access any type of patient information
- Blocking normal access to the entire dental office software
How Ransomware Enters Dental Office Computers
The most common ways in which Ransomware is installed are:
- Via phishing emails, or
- As a result of visiting a website that contains a malicious program
After the Ransomware has infiltrated a particular computer or network, they leave a ransom message on the computer screen that demands the payment of BitCon Currency in order to decrypt the files or restore the system to its normal function. In most cases, the ransom message will appear when the user restarts their computer after the entire infiltration has taken place.
In order to keep on top of the latest cyber security breaches, we have taken the initiative to consult with cyber security forensic experts, in order to assist our dental clients, both before the breach occurs [for preventive measures] and after a breach occurs [to determine the extent of the damages].
If a dental office is infected with Ransomware, a practice could suffer a massive security breach, and be subject to huge HIPAA fines [$100.00 to $50,000.00 per violation, as well as $250,000.00 in criminal fines].
Protection Guidelines for a Dental Office
A security breach may be able to be prevented with certain guidelines. Below is a list of security guidelines that every dental practice should implement and follow:
- Do not charge mobile devices via laptop and USB
- Identify where sensitive data is stored and how it is protected
- Perform an annual independent IT security assessment
- Limit employee use of public Wi-Fi when accessing dental practice data
- Examine the use of cloud storage for highly sensitive data
- Continuously update software to close potential vulnerabilities
- Encrypt portable devices (laptops, smartphones, USB)
- Ensure that shared resources such as wireless printers are secure
- Use two-factor authentication on privileged accounts
- Minimize 3rd party access to sensitive data and network assets (vendors, contractors, practice consultants, etc.)
- Design and implement a segmented network (servers, wireless, personal computers, etc.)
Unfortunately, data breaches can happen to small and large dental practices. In fact, some dental practices may have already been breached, and practice owners do not even know it. With the implementation of simple security guidelines, the security of dental office data can be substantially improved. Technology alone cannot prevent data breaches, the protection of patient information and other practice data must be a team effort.
Stuart J. Oberman, Esq. handles a wide range or legal issues for the dental profession including cyber security breaches, employment law, practice sales, OSHA and HIPAA compliance, real estate transactions, lease agreements, non-compete agreements, dental board complaints and professional corporations.
For questions or comments regarding this article please call 770.554.1400 or visit www.obermanlaw.com