A pretty sobering report was issued by the Federal Bureau of Investigation (FBI) earlier last month. When looking at a variety of industries, the FBI found that the healthcare sector’s IT security practices aren’t as strong as those of other industries – making it more vulnerable to security attacks.
Think about all of the information you retain in your files – many of which are electronic – on each of your patients. Believe it or not, a lot of the information you store can enable cyber attackers to access your patients’ bank accounts or prescription medications. But your computer systems aren’t the only way for cyber criminals to gain access to this information. The FBI’s report cites a report from the SANS Institute (an information security research and education organization) that describes other potential ways criminals can get to critical patient information.
“Connected medical devices, applications and software used by health care organizations providing everything from online health monitoring to radiology devices to video-oriented services are fast becoming targets of choice for nefarious hackers taking advantage of the Internet of Things (IoT) to carry out all manner of illicit transactions, data theft and attacks,” said the SANS Institute report. “This is especially true because securing common devices, such as network-attached printers, faxes and surveillance cameras, is often overlooked. The devices themselves are not thought of as being available attack surfaces by health care organizations that are focused on their more prominent information systems.”
Pretty alarming information, right? So let me ask you, how strong are the IT security practices within your dental practice? If you’re not sure, then it’s probably time for you to consider what steps you need to take to ensure that your dental practice’s IT systems are adequately secure. Here are six things for you to consider:
IT Security Considerations For Your Dental Practice
1. Do you have any outdated software or office products that you should upgrade?
Earlier last month, Microsoft stopped supporting the Windows XP platform, meaning that Microsoft is no longer providing security patches for that platform. Therefore, any business using Windows XP has a high risk of security issues. Do you have outdated office products, such as attached printers or surveillance cameras? What would you do if these items were to fail or fall prey to a cyber criminal? It might be a good idea to consider whether it’s worth the investment to replace or upgrade your practice’s software or products.
2. Do you have a disaster recovery plan in place?
If you’re not sure what you would do if your practice had a data breach, then now is a good time to put a disaster recovery plan in place. Do you have an offsite location where you store data? If so, make sure to test offsite backup data for accuracy and completeness. Reassess the priority of applications used to perform your main processing. An application priority listing is essential in the event of a disaster so that immediate recovery of your practice can begin.
3. When was the last time you reviewed your service agreements?
If it’s been a while, review all of your service agreements to verify that you aren’t paying for equipment or software that has been taken out of service. Again, ask: Would it be less expensive to replace equipment (and ensure stronger security) than to pay for maintenance?
4. Do the right people have access to your IT systems?
Review user logins to ensure that the right employees have access to your network. Don’t leave unnecessary logins (e.g. former employees’ logins) active where they could be accessed improperly. This is especially important if you’re using a cloud environment. Test shared drive directories to guarantee that areas that store sensitive data are still secure and only accessible by employees who actually need access for their job responsibilities.
5. Does your dental practice have an IT policy for its employees?
If you don’t have an IT policy for your employees, you’ll want to seriously consider creating one. If employees can access the Internet at your practice, consider what you’ll want them to have access to on the Internet. Also consider new technology devices (e.g. iPads, smartphones) your employees may own, and how these new devices may affect your internal network. What precautions will you take to limit the risk to your network?
6. Do you store any of your patients’ financial data on your network?
If you do, then you’ll want to make sure that you use extreme caution about where you store that data – if it’s necessary to store it in the first place. Ensure that your practice is not storing credit card numbers, Social Security numbers, or checking/routing numbers in unsecured environments. Educate your employees on the importance of this security.
Contact Our Dental Practice Professionals
Not sure how to begin evaluating the strength of your practice’s IT security? Contact Rea & Associates. Our team of bright dental CPAs can help you start or continue the process of analyzing your current IT infrastructure and determine where you can strengthen your systems and processes.