Monthly Archives: December 2014
Dental offices are now being hit with Ransomware (cyber blackmail). If you own or work in a dental practice, you need to know what Ransomware is, and the ramifications of this serious security breach.
Ransomware Trojans are a type of malware designed to extort money from a dental office. Often, Ransomware will demand a “ransom” payment in order to release the hijacked dental office software.
The hijacking of dental office software can include:
- Encrypting data and software that is used by a dental practice (Eaglesoft or Dentrix) – so that the dental office can no longer access any type of patient information
- Blocking normal access to the entire dental office software
How Ransomware Enters Dental Office Computers
The most common ways in which Ransomware is installed are:
- Via phishing emails, or
- As a result of visiting a website that contains a malicious program
After the Ransomware has infiltrated a particular computer or network, it leaves a ransom message on the computer screen that demands payment in Bitcoin currency in order to decrypt the files or restore the system to its normal function. In most cases, the ransom message will appear when the user restarts their computer after the entire infiltration has taken place.
In order to keep on top of the latest cyber security breaches, we have taken the initiative to consult with cyber security forensic experts, in order to assist our dental clients, both before a breach occurs [for preventive measures] and after a breach occurs [to determine the extent of the damages].
If a dental office is infected with Ransomware, the practice could suffer a massive security breach and be subject to huge HIPAA fines [$100.00 to $50,000.00 per violation, as well as $250,000.00 in criminal fines].
Every employee needs to understand his or her obligation to protect patient data. Employees also need clear expectations about behavior when it comes to their interaction with sensitive patient data. For that to happen, every practice should have a data security policy. The policy should outline policies and procedures that help safeguard employee, patient and third-party data, and other sensitive information.
The essential elements that form the foundation of a good privacy plan include:
Safeguard data privacy:
Establish password management:
Govern internet usage:
Manage email usage:
Govern and manage practice-owned mobile devices:
Establish an approval process for employee-owned mobile devices:
Govern social media:
Oversee software copyright and licensing:
Report security incidents: