What Could A Cybercriminal Do To Your Dental Practice

You’re probably familiar with the term Ransomware and the financial toll it’s been taking on companies world-wide. One lesson that we continue to learn time and time again is that nobody is immune to this cyber threat – not even your dental practice.

Instances of cybercrime have reached an all-time high and ensuring that your practice has the procedures in place to guard against an army of determined fraudsters is more important than ever. But before you can implement effective controls, you must have a clear understanding of what it is that threatens your practice.

Know Your Enemy

Ransomware is malware that infects a computer and immediately encrypts all recognizable file types. Once your network is infected, a screen will appear on your monitor, conveying the hacker’s demand: pay a ransom in exchange for your practice’s data to be “decrypted” and released, or lose it all. The hackers then set the clock, making it clear that if the ransom is not paid before the deadline, your practice’s data will be destroyed.

4 Tips To Help Prevent A Ransomware Attack

To protect your business against Ransomware and other similar threats, I recommend following these best practices:

  1. Train office staff to identify phishing emails.

Numerous vendors can provide your dental practice with phishing tests and video training to help educate your office’s staff about phishing emails and ways to identify possible scams. The goal is to change the mindset of those within your practice when it comes to opening attachments and clicking on hyperlinks.

  2. Set your staff’s Microsoft Active Directory rights.

It’s unlikely that all your employees will need full access to your practice’s entire database to do their jobs effectively. One way to protect your data is to grant each employee access only to the databases they need to perform their job duties. This way, if an attack does occur, the damage can be isolated.

  3. Consider implementing programs such as Microsoft “AppLocker.”

When you implement programs like AppLocker, you require users to be assigned access to the programs they need to utilize. Again, this helps to isolate the threat, which can help minimize the impact of an attack on your dental practice.

  4. Implement a Disaster Recovery (DR) Plan.

Some research indicates that only about 35 percent of small- to medium-sized businesses have a working and comprehensive disaster recovery plan. Is your dental practice included in this statistic? Business owners like you are learning time and time again just how important it is to have a plan in place to protect your business when crisis strikes. A DR plan, complete with regular plan testing and offsite backup data, will help prepare you for unforeseen events which, under current circumstances, could prove to be catastrophic.

Want to learn more? Email the Bright Dental CPAs for more information about protecting your dental practice from cybercrime.

By Brian Garland (Dublin office) 


The Important Role IT Security Plays Within Your Dental Practice

A pretty sobering report was issued by the Federal Bureau of Investigation (FBI) earlier last month. When looking at a variety of industries, the FBI found that the healthcare sector doesn’t have IT security practices as strong as those of other industries – making it more vulnerable to security attacks.

Think about all of the information you retain in your files – many of which are electronic – on each of your patients. Believe it or not, a lot of the information you store can enable cyber attackers to access your patients’ bank accounts or prescription medications. But your computer systems aren’t the only way for cyber criminals to gain access to this information. The FBI’s report cites a report from the SANS Institute (an information security research and education organization) that describes other potential ways criminals can get to critical patient information.

“Connected medical devices, applications and software used by health care organizations providing everything from online health monitoring to radiology devices to video-oriented services are fast becoming targets of choice for nefarious hackers taking advantage of the Internet of Things (IoT) to carry out all manner of illicit transactions, data theft and attacks,” said the SANS Institute report. “This is especially true because securing common devices, such as network-attached printers, faxes and surveillance cameras, is often overlooked. The devices themselves are not thought of as being available attack surfaces by health care organizations that are focused on their more prominent information systems.” 

Pretty alarming information, right? So let me ask you, how strong are the IT security practices within your dental practice? If you’re not sure, then it’s probably time for you to consider what steps you need to take to ensure that your dental practice’s IT systems are adequately secure. Here are six things for you to consider:

IT Security Considerations For Your Dental Practice 

1. Do you have any outdated software or office products that you should upgrade?

Earlier last month, Microsoft stopped supporting the Windows XP platform, meaning that Microsoft is no longer providing security patches for that platform. Therefore any businesses using Windows XP have a high risk of security issues. Do you have outdated office products, such as attached printers or surveillance cameras? What would you do if these items were to fail or fall prey to a cyber criminal? It might be a good idea to consider whether it’s worth the investment to replace or upgrade your practice’s software or products.  

2. Do you have a disaster recovery plan in place?

If you’re not sure what you would do if your practice had a data breach, then now is a good time to put a disaster recovery plan in place. Do you have an offsite location where you store data? If so, make sure to test offsite backup data for accuracy and completeness. Reassess the priority of applications used to perform your main processing. An application priority listing is essential in the event of a disaster so that immediate recovery of your practice can begin.

3. When was the last time you reviewed your service agreements?

If it’s been a while, review all of your service agreements to verify that you aren’t paying for equipment or software that has been taken out of service. Again, ask: Would it be less expensive to replace equipment (and ensure stronger security) than pay for maintenance?

4. Do the right people have access to your IT systems?

Review user logins to ensure that the right employees have access to your network. Don’t leave unnecessary logins (e.g., former employees’ logins) active, where they could be accessed improperly. This is especially important if you’re using a cloud environment. Test shared drive directories to confirm that areas that store sensitive data are still secure and only accessible by employees who actually need access for their job responsibilities.

5. Does your dental practice have an IT policy for its employees?

If you don’t have an IT policy for your employees, you’ll want to seriously consider creating one. If employees can access the Internet at your practice, consider what you’ll want them to have access to on the Internet. Also consider new technology devices (e.g., iPads, smartphones) your employees may own, and how these new devices may affect your internal network. What precautions will you take to limit the risk to your network?

6. Do you store any of your patients’ financial data on your network?

If you do, then you’ll want to make sure that you use extreme caution about where you store that data – if it’s necessary to store it in the first place. Ensure that your practice is not storing credit card numbers, Social Security numbers, or checking/routing numbers in unsecured environments. Educate your employees on the importance of this security.

Contact Our Dental Practice Professionals

Not sure how to begin evaluating the strength of your practice’s IT security? Contact Rea & Associates. Our team of bright dental CPAs can help you start or continue the process of analyzing your current IT infrastructure and determine where you can strengthen your systems and processes.



Are You Backing Up Your Data?

What would happen if you lost all your data? All your patient information… gone. All your financial information… gone. Everything… gone!

It’s a scary thought, but it’s something every dental practice must be prepared for. As more and more dental offices are becoming totally paperless, this becomes a bigger issue. If your dental practice is currently paperless or if you’re thinking about making the switch, you need to prepare now for a potential loss of data.

Moving to a Paperless Dental Practice

Contract with an IT company before you go paperless. They will be instrumental in both your hardware and software setup. While your IT company will be a great resource, you should keep in mind the following items that will need to be addressed when working with them to set up your paperless office:

  • Network Evaluation. Verify that your network is adequate for the number of computers in your office.
  • Software Integration. Ensure your IT company is aware of all the software you use and how it works together.
  • Real-Time Troubleshooting. Confirm that your IT company can monitor your computers in real-time so problems can be identified before they become too costly.
  • System Security. Develop a process that ensures your anti-virus software is always up to date and your firewall is protecting all the computers on your network.
  • Email Encryption. Educate yourself and your office staff on proper encryption of e-mails or files. Put a process in place and make sure everyone follows proper procedures.
  • Back-up. Implement a process to ensure that you back-up data and store it off-site. Without a back-up procedure, your data will probably be lost for good.
  • Disaster Recovery.  Create a procedure for disaster recovery with your IT company so you can recover the information you need to continue your operation with as little disruption as possible.

Selecting an IT Company

Most important is finding an IT company that you know you can rely on for support. Most IT companies charge a monthly fee for support. Make sure you understand what you are getting for that fee and whether it properly reflects the support you need for your dental practice. During the selection process, be sure to read their contracts, talk to your representatives about the safety of your data and, above all else, make sure that you will be able to continue your business operations in a timely manner if disaster strikes.


Whether you have questions about becoming a paperless dental practice or have made the switch and are not sure how secure your data is, contact Rea & Associates. Our team of bright Dental CPAs can work with you on what you need to make the switch or make sure your data is being stored securely.
