The Articulate Dentist - A Blog by the Metro Denver Dental Society

Cyber Threats Continue to Impact the Dental Community

By: Mr. Gary Salman

The dental community continues to see triple extortion methods deployed by many hacking groups. These occur when hacking groups steal all the data from a victim, publish the data on the Dark Web and contact the practice’s employees and patients of record. This has become a highly effective method because it almost guarantees a dental practice will pay the ransom to prevent the leaking of confidential information. Hacking groups create “data leak sites” on the Dark Web where they showcase some or all of the data stolen. These sites often include highly confidential information, including patient health history, lab reports, pathology, driver’s licenses, insurance cards, HR files, banking, and financial information. If payment is not made, hackers will begin selling or auctioning the data on the Dark Web.

The legal and public relations nightmare associated with this type of event is significant. The cost and reputation damage to a dental practice can be severe. In almost all extortion cases, legal counsel will recommend payment of the ransom regardless of the availability of recoverable backups. Ransom demands and expenses associated with cyberattacks against dental practices continue to skyrocket. Practices can experience interruptions in excess of ten days and six-figure expenses.

Many dental practices don’t understand the value of cybersecurity until they become a victim of an attack or have a close friend or colleague that has been extorted for hundreds of thousands of dollars. The lack of advanced cybersecurity solutions, the feeling of “it won’t happen to me”, and promises made by IT companies are the primary causes of these ransomware attacks. 

How do attacks against dental practices typically occur, and why are they on the rise? Most practices that have been victims of an attack believed their IT company had them properly protected using firewalls, anti-virus software and backups. Unfortunately, this type of protection is now considered basic security and will not stop many types of attacks. Hackers will typically breach a network in one of two ways. The first is known as social engineering, where hackers trick employees into clicking on a link, opening an attachment, or giving up their credentials. This type of attack is often highly effective because the computer may not be able to defend against it, since the employee or doctor initiated the action. Preventing this type of attack is relatively easy through cybersecurity awareness training. This training is required under HIPAA and will help staff identify email and web threats and take corrective action to avoid falling victim. This training must be ongoing and should be conducted by a cybersecurity company that has a training platform designed to educate users on the various threats and methodologies hackers are using.

The second way hackers will breach networks is by exploiting known vulnerabilities (“open doors and windows on your network”) on a firewall, computers and other devices. They use sophisticated tools to scan for these devices and exploit them. Hackers often then use the compromised devices to gain access to the dental office network, where they can persist for weeks prior to an attack being executed. During this time, they gather intelligence on everything you do and everything you access on your network. For instance, they will watch how and where you back up, the type of anti-virus software you use, the Cloud systems you access, the applications you use and what type of business you are. This intelligence-gathering exercise provides hackers with leverage when launching the final phase of the attack, which is the execution of their ransomware code. Only at this point will you and your IT company realize you have been attacked. Once all your computers are encrypted with ransomware, the hacker will leave a ransom note on some, or all, of the computers. This note typically indicates how to contact them, and it may also include information about the amount of money they are demanding.

To address vulnerabilities on the firewall and network, a practice must implement real-time vulnerability management and penetration testing solutions immediately. These solutions constantly monitor, test, and evaluate the vulnerabilities on the network so they can be addressed and fixed. Since hackers exploit vulnerabilities, the elimination of high-risk vulnerabilities reduces the likelihood of an event.

New vulnerabilities are being discovered every day on computers, firewalls and devices. Without an effective cybersecurity program in place, you could become the next victim of a ransomware attack.

Let’s address the common misperceptions dental practices make related to cybersecurity:

  1. My firewall and anti-virus software will protect me.
  2. My backups will prevent me from having to pay a ransom/extortion demand.
  3. I am in the Cloud, so I have nothing to worry about.
  4. My IT company has me protected, so I have nothing to fear.
  5. Hackers won’t find me, there are too many “big fish” out there.
  6. Even if I get hit, I will be able to get back up and running quickly.
  7. The FBI has tools to decrypt my data.
  8. I don’t have any data that hackers care about.
  9. I have insurance, so I am covered.
  10. I am just a dental practice, not a hospital, so security does not matter to me.

How to Build a Ransomware Resilient Practice:

  1. Have a comprehensive onsite and offsite backup solution that includes a disconnected backup.
  2. Implement real-time vulnerability management technology to identify and address vulnerabilities on devices within your office. Make sure the medium to high-risk vulnerabilities are addressed on an ongoing basis.
  3. Have an external penetration test done (on at least an annual basis) to identify entry points into your network that hackers will exploit.
  4. Utilize a cybersecurity awareness training platform to empower and educate your doctors and team on the various threats.
  5. Test employees to determine the effectiveness of the cybersecurity awareness training by utilizing a simulated phishing platform that sends emails that appear to be malicious.
  6. Engage with a dedicated cybersecurity company to perform a security risk assessment to help the practice understand where they have operational risk. A risk assessment is required under HIPAA.
  7. Implement Artificial Intelligence (AI) anti-virus and threat-hunting software known as Extended Detection and Response (XDR). XDR can replace your traditional, outdated anti-virus software.
  8. Utilize an independent third party, not your IT company, to perform the above-mentioned tasks. It is critical your IT vendor does not test and evaluate their own security measures. You don’t want “the fox guarding the hen house.”
  9. Implement a password management tool that creates unique and strong passwords for every website and application you utilize.
  10. Implement Multi-Factor Authentication (MFA) for financial institutions, credit cards, email systems, insurance carriers, software applications (such as practice management) and anywhere that supports it.

Cybersecurity is a rapidly changing landscape with new threats and hacking groups appearing almost weekly. An off-the-shelf solution is not the answer. You need a multi-layered solution by implementing the above-referenced ideas and technologies to give your practice a fighting chance against these highly sophisticated adversaries.

Mr. Gary Salman is the CEO of Black Talon Security and is dedicated to data security and understanding the latest trends in the industry, particularly as they relate to the dental industry. He has decades of experience in software development and computer IT and developed one of the very first Cloud-based healthcare systems.