Stopping Cyberattacks: Strategies for Dental Office Data Security
Over the past year, the dental community has experienced significant cyberattacks that have left thousands of practices victims of ransomware and data theft. Hackers are now able to gain access to a dental practice's network in a multitude of ways to not only encrypt the practice's data, but also steal it. In many instances where dental practices are held hostage by cybercriminals, the hackers steal patient data and often demand in excess of $100,000 to not release the data on the dark web, a part of the Internet that is intentionally hidden and requires the Tor browser to access it.
In a recent attack that my company investigated, the hackers released approximately 1% of the data. Upon analysis of the data, many documents related to patients, practice operations, and financial information, along with night call lists, day sheets, photographs, etc, were found to be published on a publicly viewable dark web website. Hackers are known to leave ransom notes on the practice's server demanding payment to decrypt the data and to not release it.
To protect the practice-and patient data-from cybercriminals, practitioners first must understand how their practice is vulnerable to an attack and then implement solutions to mitigate their risk. A dental team presents a high amount of "click risk" to the practice. Simply telling the staff to be careful about clicking on links or attachments is not an adequate solution. An ongoing cybersecurity awareness training program conducted by a cybersecurity firm should be implemented to educate the team to identify threats that present through email and the Internet. A phishing email that results in an incorrect click or download of a document by a team member or doctor can cause an attack against the practice. In many cases, the click results in malicious downloads that go right through the practice's firewall and bypass its antivirus software, resulting in encryption of all the data on the practice's computers and backups.
It must also be understood that all third-party vendors that have software installed on the practice's computers or have remote access into the practice's system present risk. In many of the recent ransomware and data exfiltration attacks that impacted practices, the entry point into the dental practice's network was a third party, like an IT company or consultant. These vendors must be independently audited by cybersecurity firms on a regular basis to check the security and integrity of their systems. If hackers gain access to the vendors' networks, they will use the vendors' computers to hack into the dental practice's computers. Practitioners should ask their vendors to supply a document from a cybersecurity firm showing that they are being tested on an ongoing basis, in addition to implementing advanced cybersecurity solutions within the dental office itself.
Practitioners must understand that any device connected to their network and the Internet is susceptible to an attack. This also includes the practice's Cloud backups. Hackers are launching highly sophisticated attacks and can gain access to all the practice's backups and either erase or encrypt them. In the last three attacks that my company dealt with, the hackers did just that. The practices were left with literally no recoverable data, and the only course of action was to pay approximately $50,000 in ransom to get their data back. A practice must have a disconnected backup, such as the "old school" method of a hard drive sitting at the practitioner's house with all of the practice data on it. It is not enough to rely strictly on the Cloud or connected backup solutions.
Hackers are deploying sophisticated hacking tools on networks that steal almost every user name and password as they are entered into the practice's system. Then they crack the practice's passwords, map the entire network, launch penetration testing tools to ascertain the weaknesses in the network, and install screen sharing applications to gain unrestricted remote access. In most of these attacks, based on forensic investigation, all of the computers can have malicious screen sharing applications installed on them allowing the hackers to watch everything the practice is doing, often for weeks before launching the ransomware attack. The use of sophisticated threat hunting software by a cybersecurity company can often help detect these hacking tools and improper activities on the network prior to the actual data theft and ransomware attack.
Fighting back against cybercriminals requires the deployment of sophisticated measures to protect the practice's network. IT companies are not cybersecurity firms. Just as there are specialists in healthcare, cybersecurity firms are also specialists. Dental practices should utilize real-time vulnerability management software to identify how hackers can break into their network and have an ethical hacker perform a penetration test on the network to simulate an attack on it. Sitting back and thinking, "This won't happen to me," and that your IT company has you protected could lead to devastating results.
About the Author
Chief Executive Officer, Black Talon Security, LLC, Katonah, New York