Prioritize cyber security with Samera’s expert lessons. Safeguard your dental or healthcare practice from online threats. Enroll now for data protection
Cyber security is an essential part of keeping your patients, data and business protected online.
With Samera Cyber Security, you get the tools you need, the know-how to use them and digital copies of all your data. This three-pronged approach means you can keep your business safe and your data safe.
Contact us today to find out more about how our cyber security training, digital protection products and back-up contingencies can help you.
Cyber security is an essential part of keeping your patients, data and business protected online.
With Samera Cyber Security, you get the tools you need, the know-how to use them and digital copies of all your data. This three-pronged approach means you can keep your business safe and your data safe.
Contact us today to find out more about how our cyber security training, digital protection products and back-up contingencies can help you.
Cyber security is an essential part of keeping your patients, data and business protected online.
With Samera Cyber Security, you get the tools you need, the know-how to use them and digital copies of all your data. This three-pronged approach means you can keep your business safe and your data safe.
Contact us today to find out more about how our cyber security training, digital protection products and back-up contingencies can help you.
Businesses rely more and more heavily on digital data storage with each year. Whether this be automated online tax software, in-house financial data or your clients’ records, it is likely that your most valuable and sensitive information is being stored digitally.
Storing and processing data digitally has so many benefits, but it also comes with many new threats that paper records do not face.
Digital records are at risk of being stolen, destroyed, or manipulated in ways that paper records never were. In fact, with the right tools, your digital records are in many ways MORE at risk of being corrupted or stolen than paper records.
This is why it is so important to have a cyber security strategy in your business.
Without the right training, software, and contingency plans, your business records and your patient or client data are at risk.
Is Your Dental Practice In Danger From A Cyber Attack?
The short answer is – yes.
Every business is at risk from cyber threats. However, patient-facing medical businesses like yours are prime targets for cybercriminals.
Not only do you hold your own financial data, but you also hold valuable patient records on your servers. These records can often be top-priority targets for cybercriminals for various reasons, such as identity theft and even corporate blackmail.
Because of this, dental practices like yours represent a jackpot to hackers and cybercriminals.
One of the biggest threats you face will be viruses known collectively as malware, such as ransomware. Ransomware is a malicious virus which automatically encrypts your data and makes it impossible to access unless you pay the criminal(s) a ransom.
With our cyber threat training, antivirus software and regular backups of your entire data, we can make sure yours and your patient’s information isn’t held hostage or stolen by criminals.
Do you have a cyber security strategy already implemented in your business?
Are your team trained in how to recognise, respond to and solve cyber threats?
Do you use endpoint protection, full disk encryption and dynamic threat defence?
Do you have regular, secure backups for all of your financial and patient data?
If you answered ‘no’ to ANY of these questions, your practice is at risk.
You need a human firewall made up of your team, the right antiviral software, and you also need a safe and easily accessible backup strategy for your business to make sure that you are protected if anything should ever go wrong.
Even the biggest companies and institutions fall victim to cybercriminals. Think about the NHS cyber attack in 2017 and the chaos it caused. Even global corporations like Yahoo have their security breached and their data stolen.
The human firewall
Unfortunately, it’s not just external factors that put your sensitive data at risk. Human error is one of the biggest factors in data loss.
Every business needs to train their employees to protect the business and its clients from attack. With the right training on how to identify, prevent and respond to cyber threats, your staff become the first line of defence in your business – a human firewall.
However, they may not spot everything, they may be faced with a problem they haven’t been trained to solve, or they may simply make a mistake.
Whatever the reason, there may well come a time when your business is successfully attacked, despite your best efforts.
When this happens, the second line of defence steps in – our antivirus software.
Antivirus software
The antivirus software we use is more than just the standard software that comes with every new laptop or desktop computer.
We use a 3-pronged approach to keep your data and digital records safe:
Endpoint protection (a pro-active antivirus software which not only blocks incoming attacks, but seeks out and destroys any existing or hidden malicious software)
Full disk encryption (this is the process of obscuring your most sensitive data by rewriting it in a specific code, to which only those you designate will have access)
Dynamic threat defence (an anti-virus software which recognises any suspicious software and isolates it to be analysed – meaning you are protected even from brand-new malware that isn’t recognised as malicious yet).
Combined, these 3 defences can help ensure your business is as protected online as it can be.
But what happens if your first 2 lines of defence are breached?
Backing up your data
If something happens to your data, whether it be destroyed or stolen, our backup service can ensure you can recover and access the lost information.
Our backups only take a matter of hours at most and are run on a daily basis. This means that if anything happens to your data today, you can recover it as it was on the last backup that morning.
Aside from providing the proper software to protect your practice from the frontlines, including the training to use it, we also keep your data backed up and protected on secure cloud servers.
Our server creates regular and secure copies of your servers to make sure you also have access to the most recent copies of your data, information and records.
From financial data, personal information and your patient records, we make sure you do not face needless downtime and even legal issues while trying to recover data or fight cybercriminals.
With our safe, virtual, cloud-based copies of your servers, you can simply flip a switch and recover your latest daily backup easily, quickly and safely.
Action Points
Implement a comprehensive cyber security strategy for your dental practice.
Train your team on how to recognize, respond to, and resolve cyber threats effectively.
Invest in advanced antivirus software, including endpoint protection, full disk encryption, and dynamic threat defense, to protect your data from malware and cybercriminals.
Ensure regular, secure backups of all your financial and patient data to recover quickly in case of data loss or cyber-attacks.
Cyber security is an essential part of keeping your patients, data and business protected online.
With Samera Cyber Security, you get the tools you need, the know-how to use them and digital copies of all your data. This three-pronged approach means you can keep your business safe and your data safe.
Contact us today to find out more about how our cyber security training, digital protection products and back-up contingencies can help you.
There is no denying that cyber hacking happens daily, and dentists should not think that they are an exemption. Healthcare services including dental practices are prime targets for hackers. In fact, small businesses containing health information are targeted quite often.
Data breaches are a major threat to healthcare providers, especially dentists; they are becoming targets for cybercriminals more and more frequently. Health organizations make up roughly 33% of all data security breaches across all industries. It has been shown, however, that a majority of personal health information data breaches has been a result of human error from healthcare employees.
In this webinar, Arun and George take a look at the different cyber security threats facing dental practices, cyber security strategies for dentists and how to respond when your practice is attacked online.
Why are Dental Practices at Risk From Cybersecurity Threats?
Dental practices are becoming hot targets for these cyber criminals because dental offices hold vast amounts of personal data. Not only confidential personal information of your patients such as birthdates, addresses and full names, but also hundreds, if not thousands, of instances of banking information. Hackers also like to target the smaller healthcare businesses because they believe small businesses do not have the resources for sophisticated security measures and they will, therefore, be easier targets.
The threat of this confidential information being stolen is great and dental practice owners must address this concern as soon as they possibly can before a theft occurs and creates a legal nightmare for your business.
You must ensure that your dental practice has the proper IT solutions and cybersecurity procedures in place to adhere to the relevant guidance and regulations.
Action Point
Implement robust IT solutions and cybersecurity measures to protect patient data and comply with regulations.
The Need for Cybersecurity in Your Dental Practice
The biggest mistake many dental practices are making is that they believe cyber criminals are not a threat to their small dental practices. However,
The increase of cyber criminals targeting healthcare businesses leaves your dental practice at risk. This is evident through the following statistics:
The healthcare industry accounts for 43% of all data security breaches
47% of all cyber security attacks target small businesses like independent private dental practices
Since September 2009, almost 21,000,000 health records have been compromised
Many hackers target smaller practices because they assume small businesses do not have the necessary security software of firewalls in place to protect it in place. Unfortunately, in many instances they are right.
Your dental practice is a wealth of patient data which means it is necessary for you to take the proper cybersecurity precautions to make sure that you are adhering to the proper regulations and your patient’s data do not fall into the wrong hands.
Action Point
Implement cybersecurity precautions to protect patient data and adhere to regulations, safeguarding against the high risk of cyber attacks targeting healthcare businesses.
Within the last couple years, dental practices have taken a major step in digitising their entire business and using the internet to centralise patient data and improve patient care.
Storing patient information in the cloud has its benefits:
Accessible any time from any location
Automatic backup
Patient data can easily and securely share between different practices
If proper precautions are not taken, dental practices are very vulnerable to security threats and data breaches.
When these breaches happen, confidential patient data can be sold on the DarkWeb resulting in fraud, identity theft and possibly blackmail and other criminal activities. Hackers can also hack your systems and access your own personal company data. Believe us, nothing good will ever come from that. Extortion, blackmail…. It is not pretty.
Action Point
Implement robust cybersecurity measures for cloud-stored patient data to prevent breaches and protect against fraud, identity theft, and other cyber threats.
If your dental practice gets hacked in any way, the consequences for your dental practice will not only cost you time and money but also potential lawsuits from patients, loss of important data that may not be able to get recovered and brand and reputation damage.
At the end of the day, it is you who will be on the line for any potential data breaches.
Implement Security Features
Every dental practice should have a policy in place safeguarding patient information and all staff members should be educated about how to comply with the office policy.
We advise a strict internet and computer policy that not only educated your employees when a breach does occur but also deters any mishaps from occurring. This policy enforced should include prohibiting staff members from checking personal email accounts or visiting any internet websites that are not work related.
When accessing any office data remotely, any employees at your dental practice should only use trusted Wi-Fi hot spots and never used shared computers or unsecure Wi-Fi spots. Any smartphones or tablets you have in your practice should be password protected to prevent access to patient information in case that device is lost or stolen.
Antivirus software should be installed on every computer in your practice and left kept updated and checked regularly. In addition, it is also important for dentists to make sure that all operating systems, hardware, software, and firewalls are up to date, secure and strong and that wireless networks are shielded from public view. All hard copies of documents with patient information should be shredded as soon as they are no longer of any use to your practice.
To avoid any type of security breaches there are a few IT solutions you need to implement and ensure are in place to prevent any security breaches as soon as they occur. Here are a few:
Set up VPN (virtual private network)
Install anti-virus software for all your devices in your practice
Automate the encryption of your production
Backup hard drives with appropriate security hardware
Always keep your web browsers, software and operating systems updated
Encrypt data transmitted to anywhere outside the practice
Action Point
Implement strict internet and computer use policies, educate staff, ensure secure remote access, password-protect devices, maintain updated antivirus software, and encrypt and back up data for comprehensive cybersecurity in your dental practice.
Mitigating Security Risks
Unfortunately, data has shown that even when you have the necessary security measures in place, human error is commonly the sole cause of data breaches. This means that the actions of healthcare employees are unintentionally the cause of three times as many breaches as external attacks on your dental practice.
Without adequate training, your employees could unintentionally be putting your entire practice at risk. This is why, after you have put all the necessary security measures in place, your next priority should be to train your employees to mitigate any security risks.
Here are a few tips for this:
Avoid disclosing private information over the phone or email. Instead, you should use encrypted communication methods such as encrypted email to protect sensitive patient or employee data
Set user permission for different roles
Educate and train staff of latest cyber threats and your latest technological updates
Choose strong passwords and do not use the same password for everything
Outline a response plan so the team knows what to do immediately in the event of an attack
Discourage joining public or unsecured Wi-Fi networks
Restrict access to personal email accounts and any non-work-related websites
Require password for any devices you use at the practice, in case it gets lost or stolen
If a security breach in your office does occur, it is absolutely imperative that if a breach in your office does occur, you need to take the appropriate action immediately. This includes determining how the breach occurred to begin with and the extent of the breach. You need to be careful who you initially contact when something like this occurs.
Action Point
Prioritize employee cybersecurity training, use encrypted communication, set user permissions, educate on cyber threats, choose strong passwords, outline a response plan, restrict access to unsecured networks and non-work sites, and password-protect devices to mitigate security risks in dental practices.
Samera helps you stay fully compliant with any security regulations. Our specialists ensure that your dental practice software is always updated, and your data is encrypted with password protection and able to be transferred securely.
Get Started: Cyber Security for Healthcare
Cyber security is an essential part of keeping your patients, data and business protected online.
With Samera Cyber Security, you get the tools you need, the know-how to use them and digital copies of all your data. This three-pronged approach means you can keep your business safe and your data safe.
Contact us today to find out more about how our cyber security training, digital protection products and back-up contingencies can help you.
Cyber security for dentists is a crucial, but largely over-looked, aspect of running a dental practice. Your computers, devices and networks hold confidential patient data and sensitive dental records.
With the rise of cyber attacks on medical businesses, the increasing reliance on the cloud for storage & processing and the introduction of legislation like GDPR, it is essential that dentists make sure they have a strategy for cyber security and protecting their digital information.
Cyber Security Threats to Healthcare Businesses
In this webinar, Arun and George discuss several cyber security issues which pose a threat to your healthcare business online.
An essential part of any prevention of cyber attacks is using some sort of Anti-Virus software. This is a major contributor to compromises. A decent Anti-Virus software will quarantine a malicious file and ensure it does not have access to a computer, potentially compromising it.
An Anti-Virus works by scanning files or code that being passed through your network. Depending on the company. They build an extensive database of already known viruses and malware and matches the files to these in their database and decides whether to quarantine the file or not.
Hardware
Users can install a Firewall which is essentially a virtual wall that chooses to allow or decline traffic through your network.
Much like antivirus software’s, Firewalls scan packets for malicious code or attack vectors that have already been identified as established threats. Should a data packet be flagged and determined to be a security risk, the firewall prevents it from entering the network or reaching your computer.
Training
The number one way to prevent cyber attacks is training. It has been said that your own staff are the biggest threat to any business. All it takes is one staff member to click on a link and that can be the entire network compromised. Of course the computers will have an anti-virus which should block any virus that has been allowed to access the computer. But why increase your body armour when you can take the bullets out of the gun?
Phishing
Spotting a Phishing Email
There are 3 main traits to look out for with Phishing Emails.
Urgency – Using tight deadlines to create a sense of urgency that distracts you from the rest of the message and pressures you into acting quickly.
Authority – Using the authority of the sender, such as by pretending to be a senior executive, trusted colleague, or reliable company, to convince you that the message comes from a trustworthy source.
Imitation – Exploiting ‘normal’ business communications, processes, and daily habits to trick you into reacting to a message. Check who the email is addressed to, if it’s ‘friend’ or ‘valued customer’, then this might be because the sender doesn’t know you.
Passwords
An obvious one; but having a secure password can be the difference between access and no access.
Nowadays websites ask for a secure password, this includes at least; one capital letter, 6 lowercase letters, and one number. Usually, people like to be able to remember their password so they will use personal names and dates.
A great method for a secure password is using the ‘Three Random Word’ method, this entails of using three completely random words, followed by ideally a random number, but any number would do, even a significant date. Using three different words will greatly increase the prevention for brute force attacks.
Example:
Joe Bloggs has a child names Sarah who was born 14/05/07.
Most commonly the password Joe will use is Sarah140507, this way Joe has ticked all the boxes for the website, and its easy to remember. But this password is not very secure.
As of Sept 2021, 78% of the UK population are regular social media users.
Joe Bloggs posted a picture of a birthday dinner for his daughter Sarah on Facebook on 14/05/18 saying, “Happy Birthday Sarah, 11 today!!”. See the issue? Joe told a wannabe hacker exactly the date of his daughters’ birthday. Using a brute force attack, the hacker can now try to force his way into Joe’s account(s) using the information he has gathered.
When it comes to computer security in a dental practice, it’s crucial to identify what must be done and allocate exactly which team members are responsible for those tasks.
Overall responsibility should rest with a senior manager who has a broad view of all the risks and how to tackle them.
Other individuals can handle particular aspects. For instance, installing security software.
Management should identify which information and technology is really vital to the business, this is where the big risks lie.
For example, damage to your dental practice’s financial or clinical system, or the loss of your dental patient list, could lead to the complete failure of the business.
Other information may be less important. Equally, some computers are probably more critical, or more vulnerable, than others.
Identifying the risks, then establishing what security measures already exist and whether they work, and what extra ones are required, will help you to target your security efforts where they are most needed in your dental practice.
Action: Make a list of all the cyber security steps that need to be taken and make a spreadsheet allocating these tasks to specific members of staff.
Protect your computers and networks in your dental practice
Malicious activity could come from outside or inside your dental practice. Attacks from outside, for example by troublemaking hackers or e even competitors, can be protected against simply by installing a firewall.
This is software or hardware which examines all the computer communications flowing in and out of the business, and decides whether it’s safe to let them through. It can also be used to manage your staff’s internet activity. For instance, by blocking access to chat sites where employees might encounter security risks.
You can configure (set-up) the firewall to allow or prevent certain kinds of activity. There are several different kinds of firewall. The router supplied by your Internet service provider (ISP) may already have one built-in, or you can buy a software firewall solution.
Protecting against illicit activity from inside the dental practice requires other precautions we’ll look at elsewhere in this supplement. All of these also provide extra protection against attacks from outside.
Action: Install a firewall to protect your networks and possibly restrict staff and patient usage of the internet in the dental practice.
Keep your dental practice’s computers and devices up-to-date
Suppliers of PCs, software, and operating systems, such as Windows, frequently issue software updates (patches) to fix minor problems (bugs) or improve security. It’s essential to keep all of the computers in your dental practice (and other devices) up-to-date with the latest patches and software updates.
Normally, they can be downloaded and installed automatically. Remember that just one vulnerable computer puts all the others at risk. It’s important to ensure that all available patches are applied to all of them.
Action: Check for software updates on all the devices in your dental practice and upgrade hardware that is outdated.
Control employee access to computers and dental records
Although your computers should be guarded by a firewall, you should still protect user accounts (each person’s ‘identity’ with which they log on to a computer) and sensitive documents with passwords.
Because each individual should have a unique user name and a password, access to different parts of your IT system can be limited to certain people. It is important to remember that some individuals may have more than one user name and password, perhaps if they have multiple roles.
This not only protects against accidental or intentional damage by staff to systems and information, it also provides further security against outside intrusions. To achieve this, you can use security options built in to operating systems such as Windows, or you can buy specialised software online.
Because you identified your biggest security risks and most vital information in Step 1, you can decide whether password control for a given item should be basic (for instance, one password authorising access to an entire computer) or stronger (each document or application requiring a separate password).
Some individuals designated as computer administrators (admins) may be given access to nearly everything, in order to perform technical work. You should keep the number of admins to a minimum.
Security software will usually generate records showing which employees have used particular computers or documents at different times. This can be useful for pinpointing problems, but access to these records should, of course, be tightly limited – otherwise, people misusing the system could alter them to cover their tracks.
Action: Set up your employee profiles on your CRM, website administration and any other online data storage in your dental practice. Make sure you assign the appropriate roles to each team member.
Protect against computer viruses in your dental practice
Malicious software or ‘malware’ (a category including viruses, Trojans and spyware) may not always be as devastating as the headlines suggest, but can still slow down your systems dramatically, and passing them on to customers will win you no friends.
Fortunately, there is plenty of protection available. Your computers may have been sold with anti-virus software (the generic term, although most products also protect against other kinds of malware). If not, you can easily buy it.
This software regularly scans a computer in search of malware, deleting any that is found. Regular updates to head off new threats are key to anti-virus software. So this is one area where it does pay to stick to the big brand names and to ensure that the software is set to receive updates as regularly as possible (ideally daily).
Action: Install and run anti-virus software on all your devices regularly to check for any issues or threats.
Extend security beyond the office or dental practice
Today’s employees sometimes work from home or on the road between dental practice sites using their own laptops, phones and tablets. It is difficult to extend the same level of security you can apply to office computers to these devices.
But, you can reduce risk by requiring any personal equipment used for work is approved first by management or IT. It should have the minimum of anti-virus software, password protection and (where applicable) a firewall.
To protect against unauthorised access to information when a device is mislaid or stolen, it should be possible to delete all the information (“wipe” it), even when you don’t have the device.
This capability is built into newer models; software can also be bought to perform remote wiping, but this must be installed before the device is lost. Ensuring the sensitive data is kept in an encrypted area (see section 7) of the computer or device will stop most attempts to access data.
This is easy to set up using off-the-shelf software. Beware of the dangers when connecting to unencrypted public WIFI, as hackers can intercept data. Check the hotspot is genuine and make sure file sharing is off and the firewall is on.
Action: Conduct a review of all the devices your employees use to access or store patient data or dental records. Make sure they all have the proper anti-virus, firewall and data protection features.
Remember the disks and drives you need to protect in your dental practice
Removable disks and drives, such as DVDs and USB sticks, pose security risks in two ways. They can introduce malware into your computers, and they can be mislaid when containing sensitive information.
Ensure that as far as possible, only disks and drives owned by your dental practice are used with your computers. Discourage employees from using them in third parties’ computers (in Internet cafes for example), and set up anti-malware software to scan them whenever they are used in the office.
Action: Establish a plan to track who has possession of each disk or drive at any given time, what information is contained on them and check that all documents are erased from them after use.
Plan for the worst
Following the measures in this guide will help you protect against a major security breach. But no system is 100% secure, so it’s worth planning what you’d do if things went badly wrong. First, define what is ‘major’ for you. Something that puts a non-critical department of the business offline for a couple of hours probably isn’t. But something that prevents you serving customers, or performing vital functions such as payroll, will be.
Establish how you will know that there’s a problem. You shouldn’t have to wait for computers to go down; your firewall or anti-virus software, for example, may provide advance warning that something unusual is going on. Plan your next steps.
What help (perhaps a specialist computer company) should you call in? Do you need to contact key dental patients or suppliers to explain that there is a problem? Can some functions be continued using other computers, or pen and paper, while your systems are repaired?
Finally, ensure that it’s clear who is responsible for doing what in an emergency. Your plan can be laid out in a document, and delivered in training sessions. It may incorporate elements of your plans for other disasters, such as a fire on your premises, and cut-down versions can be applied to less damaging computer incidents.
Action: Create a strategy for how your dental practice will handle a major breach of patient data or dental records. Identify your biggest risks and create an emergency contingency plan.
Educate your dental team about cyber security for dentists
Tell everyone in the business why security matters, and how they can help, using training sessions and written policy documents. This will encourage them to follow practices such as regular password changes. Most will not have to actively work at security. They’ll simply need to be aware of risks. For example, knowing that they should never click on a web link or attachment in an email from an unfamiliar source.
There are non-technical risks, too. One is social engineering, where hackers try to trick employees into revealing technical details that make your computers vulnerable. For example, a hacker might pretend to work for your computer supplier and claim they need passwords to perform maintenance. The casual atmosphere of social media such as Facebook could be conducive to such deceptions, so employees should be especially wary of discussing your systems and practices on social media.
Action: Create atraining session to educate your team on their responsibilities and duties regarding dental records and patient data. Deliver this programme regularly.
Keep records and test your dental practice’s cyber security regularly
Security is an ongoing process, not a one-off fix. So it’s important to keep clear records. For example, the decision-making in Step 1 of this guide could help you produce a list of all your hardware and software, along with an indication of how secure each item needs to be.
Similarly, records of software patches and lists of authorised personal devices will help build up a picture of your business’s security status, spot potential weak points, and figure out how any problems arose. Good record keeping will also help you regularly test all your security measures, and ensure that you have functioning, up-to-date software. Any business is only as secure as its weakest link, and testing will make sure that no weaknesses are overlooked.
Action: Create a cyber security strategy for your dental practice by following the steps listed here, creating a plan for each task and regularly testing your systems and strategies.
you can find out more articles on Samera learning centre.
Our Expert Opinion
“Cyber security is hugely important for every business. It’s doubly important for healthcare businesses because they handle patient data as well as their own financial data. If I were to ask you what your cyber security protocol is and you can’t answer off the top of your head – your business is in danger. You can’t rely on a simple anti virus programme. You can’t rely on a simple back-up. You honestly really need to take cyber security seriously.
If the NHS can get hacked then a small dental practice certainly can! It’s not just about hackers either. We at Samera suffered data issues when a fire broke out at one of the servers we were using for back-ups in France. Since then we’ve used a triple back-up system to make sure it never happens again. Don’t take any risks with yours or your patient’s data. Sort your cyber security out as soon as possible – your business could very well depend on it!”
Chris O’Shea Head of Digital Marketing
Get Started: Cyber Security for Healthcare
Cyber security is an essential part of keeping your patients, data and business protected online.
With Samera Cyber Security, you get the tools you need, the know-how to use them and digital copies of all your data. This three-pronged approach means you can keep your business safe and your data safe.
Contact us today to find out more about how our cyber security training, digital protection products and back-up contingencies can help you.
Make sure you never miss any of our articles, webinars, videos or events by following us on Facebook, LinkedIn, YouTube and Instagram.
Reviewed By:
Arun Mehra
Samera CEO
Arun, CEO of Samera, is an experienced accountant and dental practice owner. He specialises in accountancy, financial directorship, squat practices and practice management.
