I help dental practices understand how to protect their patient data from hackers, ransomware, data theft, and other nasty cyber threats. One of the common things I hear following a cyber-attack is that often people know that they have clicked on an attachment or link that they shouldn’t, but because something didn’t happen right away, they didn’t think anything of it.
Nothing happening is exactly what the cybercriminal wants you to think. This is how they gain access to lurk around inside your systems and networks for days, weeks, or even months.
Let’s look at recent ransomware attacks by cybergangs Ryuk and Maze, where adversaries lurked in the data center shadows and within endpoint devices – collecting counterintelligence, stealing credentials, and pushing malware throughout the network. “Only after pilfering all of a company’s digital goods did criminals finally encrypt files and demand a ransom, in what’s become an increasingly common “double extortion” attack.” Threatpost May 20, 2021
Related story: A Toronto dental clinic was recently the victim of a ransomware attack that encrypted files on 19 out of the clinic’s 22 computers. The hackers demanded a $165,000 ransom from the dentist after infecting the clinic’s computers with a form of ransomware called Ryuk.
According to a recent SANS Institute survey, 14 percent of firms indicate that the time between compromise and detection (dwell time) is between one to six months. Of those that detected an intrusion, nearly 10 percent said it took up to three months to contain it and toss the cybercriminals out. Imagine knowing that cybercriminals had been spying on your practice for all that time, checking out your financial situation, stealing credentials, copying out your data, then finally encrypting your database to extort money from you.
Ransomware continues to be the biggest threat to dental practice data and simply ‘paying the ransom’ is not a viable strategy since we now have data theft in the mix. Also, people often don’t get all of their data back, since often some data is lost in the decryption process, even when the bad guys do give you the key to unlock it.
Prevention & Detection:
According to Kaspersky, 28 percent of companies that implemented Endpoint Detection & Response EDR solutions, instead of just antivirus were able to cut dwell time to hours or less.
Maintenance of operation systems and applications is extremely important as the updates often patch security holes in the software which further helps safeguard your data. This can be automated using software like Alexio Defender.
System hardening is the process of enforcing multiple safeguards onto individual systems to stop cybercriminals from exploiting them, and it also goes a long way in preventing human error because it blocks access to things like social media, webmail, file transfer sites, bed websites, and more. Software tools that execute system hardening are a critical part of a dental practice cybersecurity plan.
Ransomware safeguarding is now available. Alexio™ Defender with RansomGUARD™ technology detects, identifies and isolates ransomware outbreaks.
RansomGUARD™ is the last line of defense against ransomware and is designed to shut down and isolate a system at the moment it’s infected. This technology can prevent ransomware from spreading to other computers on a network, and in many cases ensure that valuable server data is spared from being encrypted or exfiltrated.
Protecting healthcare practices comes down to ensuring that practitioners like dentists, and family medical offices have robust, but affordable protection. Affordability is critical. Every practice, no matter what size has a legal and regulatory responsibility to ensure the security of their patient information, so they need robust solutions that fit their budget.
It is about technology, and as importantly it’s about having access to experts who understand how to build a cyber defense strategy for that type of digital environment. Aside from that, continuous basic cybersecurity awareness training is a must. Cybercriminals know that technology is easier to beat when they can ‘socially engineer’ a naive user into granting them access to the system.
Helpful Resources:
Cybersecurity Awareness Training for Dentists, Practice Managers & Team Members: https://www.myla.training/
Free Monthly Privacy & Cybersecurity Webinars for Dentists & Practice Managers: https://www.myla.training/courses/ask-us-cybersecurity-and-data-privacy-for-dental-practices
Security Risk Assessment for Dental Practices: https://getalexio.com/security-assessment/
All-in-One Security Software for Dental Practices: https://getalexio.com/system-security/
Backup & Disaster Recovery Planning/Solutions: https://getalexio.com/data-backup/
Book Anne to speak or train your team.
