A Brighter Way
  1. About
  2. Tax
  3. Accounting
  4. Practice Planning
  5. New Dentists
  6. Resources
  7. Blog

What Could A Cybercriminal Do To Your Dental Practice

You’re probably familiar with the term Ransomware and the financial toll it’s been taking on companies world-wide. One lesson that we continue to learn time and time again is that nobody is immune to this cyber threat – not even your dental practice.

Instances of cybercrime have reached an all-time high and ensuring that your practice has the procedures in place to guard against an army of determined fraudsters is more important than ever. But before you can implement effective controls, you must have a clear understanding of what it is that threatens your practice.

Know Your Enemy

Ransomware is the infection of a computer which immediately encrypts all recognizable file types. Once your network is infected, a screen will appear on your monitor, conveying the hacker’s demand: pay a ransom in exchange for your practice’s data to be “decrypted” and released or lose it all. The hackers then set the clock, making it clear that if the ransom is not paid before the deadline, your practice’s data will be destroyed.

4 Tips To Help Prevent A Ransomware Attack

To protect your business against Ransomware and other similar threats, I recommend following these best practices:

  1. Train office staff to identify phishing emails.

Numerous vendors can provide your dental practice with phishing tests and video training to help educate your office’s staff about phishing emails and ways to identify possible scams. The goal is to change the mindset of those within your practice when it comes to opening attachments and clicking on hyperlinks.

  1. Set your staff’s Microsoft Active Directory rights.

It’s unlikely that all your employees will need full-access to your practice’s entire database to do their jobs effectively. One way to protect your data is to only grant access to the databases each employee needs to do perform their job duties. This way, if an attack does occur, the damage can be isolated.

  1. Consider implementing programs such as Microsoft “AppLocker.”

When you implement programs like AppLocker, you require users to be assigned access to the programs they need to utilize. Again, this helps to isolate the threat which can help minimize the impact of an attack on your dental practice.

  1. Implement a Disaster Recovery (DR) Plan.

Some research indicates that only about 35 percent of small- to medium-sized businesses have a working and comprehensive disaster recovery plan. Is your dental practice included in this statistic? Business owners like you are learning time and time again just how important it is to have a plan in place to protect your business when crisis strikes. A DR plan, complete with regular plan testing and offsite backup data, will help prepare you for unforeseen events which, under current circumstances, could prove to be catastrophic.

Want to learn more? Email the Bright Dental CPAs for more information about protecting your dental practice from cybercrime.

By Brian Garland (Dublin office) 

Check out these related posts to help keep your dental practice safe:

Is Your Dental Practice Prepared For An IT Disaster?

Is Your Dental Practice in “The Cloud”?

Fraudulent Credit Card Transactions Will Become Your Practice’s Problem On Oct. 1

Fraudulent Credit Card Transactions Will Become Your Practice’s Problem On Oct. 1

PCI  to EMV – Protecting Your Patient Credit Card Data

Patient Data Protection - Ohio CPA Firm

As of Oct. 1, 2015, the liability for fraudulent transactions will no longer be assumed by the credit card issuing institution. Instead, if you (the merchant) fail to adopt EMV technology, your dental practice will be responsible for any loss that results from a fraudulent transaction.

Like their screenings and dental procedures, your patients want their payment experience to be as easy and painless as possible, which is why you have come to depend on the ability to process credit card payments, which are frequently used to cover the difference after insurance pays a portion. But did you know that the magnetic stripes on your patient’s credit cards make them susceptible to fraud?

Major data breeches have made the news in recent years and all businesses are at risk (including your dental practice). Fraudsters are able to steal the information hidden within the cards magnetic stripe and use that information to create a fraudulent card. To combat the growing threat on consumer data, most American businesses will be expected to implement Credit Card EMV (EuroPay, MasterCard and Visa) technology October 1.

Read Also: ID Thieves Don’t Discriminate, Health Professionals Are At Risk

Change Is Necessary To Protect Your Patients

Due to the increasing number of credit card breaches where millions of credit card numbers and associated data have been stolen, the industry has forced small businesses nationwide to adhere to PCI (Payment Card Industry) Security Requirements. Supported by the PCI Security Council, the ultimate goal of EMV is to stop and prevent further fraudulent activity. Success has already been noted in countries outside the U.S.

“Currently, almost half of the world’s credit card fraud happens in the U.S. where magnetic stripe technology is the standard,” states David Navetta and Susan Ross in a blog on Data Protection Report. “Outside the U.S., an estimated 40 percent of the world’s cards and 70 percent of the terminals already use the EMV technology. These countries are reporting significantly lower counterfeit fraud levels with EMV cards than with the magnetic stripe cards.”

Understanding EMV Technology

Credit Card EMV technology, which has been used in Europe since the early 1990s, replaces the magnetic stripe we have grown accustomed to with an imbedded chip that, scrambles sensitive cardholder data at the point of sale terminal. This technology ultimately makes it more difficult to access and replicate consumer data in an attempt to commit fraud.

Dental Practices Must Comply

Why should you be concerned about the credit card industry’s switchover to EMV technology? As of Oct. 1, 2015, the liability for fraudulent transactions will no longer be assumed by the credit card issuing institution. Instead, if your dental practice fails to adopt EMV technology, your practice will be responsible for any loss that results from a fraudulent transaction. If your practice currently accepts credit cards as a form of payment (and you would like to continue to do so), unless you want to be hit with potentially devastating losses, you must make sure to install and activate the new technology before the Oct. 1 deadline.

That being said, some types of businesses will have a little more time to comply. If you aren’t quite sure whether or not your practice is exempt, visit the website of each payment brand you accept to learn more.

Next Steps For Dentists

  • If you have not investigated or planned for EMV Technology, contact your card processor immediately to determine your business’s specific needs.
  • Implementing EMV technology can be a cumbersome and time consuming project, but the best way to protect your practice from fraud and liability is to implement the new technology as soon as possible.
  • If EMV technology has been implemented be sure to confirm that the chip reading capability has been enabled. In addition, confirm with issuers that cryptographic values are being associated with the card number to ensure that the EMV technology has been setup and configured properly. Verifying that cryptographic values are being assigned will eliminate the chance of misconfiguration and possible fraudulent activity.
  • Train your staff on the new procedures. When a patient tries to use their card, they will notice some changes, such as their credit card being held in the EMV reading slot throughout the entire transaction process. This is normal, however your staff should be prepared to answer the questions that will certainly arise.

By Brian Garland (Dublin office) 

Want to learn more ways you can protect your dental practice and your patients from a fraudster? Check out these articles: 

Dental Practices Should Beware Of Wire Transfer Scam

Is Your Dental Practice Safe From Scammers?

Internal Controls For Dental Practices

Rea & Associates, Inc. | Bright Dental CPAs | 7201 Center St, Mentor, Ohio 44060-4858
phone + 440-266-0077