Don’t Get Lax on Cybersecurity

In February 2024, the Change Healthcare cyberattack crippled healthcare and billing information operations nationwide. Investigations into the cyberattack have revealed evidence that the hack started when cybercriminals entered a server that lacked a basic form of security: multifactor authentication.

Being prepared can help safeguard dental offices from ransomware or other security breach. Under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, covered entities including dental offices, are required to adopt adequate means for safeguarding the confidentiality, integrity, and availability of protected health information (PHI). Dental offices must conduct a security risk analysis regularly to assess security vulnerabilities and the mechanisms currently in place to mitigate them, and then to determine what additional controls, if any, should be implemented.

Staff training on cybersecurity and basic data security and how to mitigate cyberthreats is critical for preventing ransomware and other cybersecurity attacks. This training should be part of dental management software training and more generally, a part of HIPAA training. Such employee training and awareness helps to reduce the chances of staff being susceptible to cyberattacks via email or other common methods by educating employees on how to identify and avoid threats.

In addition to effective training, there are several ways dental offices can protect against cyberattacks:

• Be wary of email attachments. Make sure you know with whom you are communicating, watch for phishing attempts, and report any suspicious emails or texts.
• Don’t download any unknown software or click on unknown links.
• Layer data protection with, at a minimum, strong passwords and multifactor authentication.
• Protect sensitive data on business and personal computers using full-disk encryption software.
• Back up data regularly and keep an encrypted copy offsite.
• Monitor online accounts regularly for suspicious activity.
• Regularly check for and install security updates of anti-virus and anti-malware software on all the network computers.

The US Department of Health and Human Services (HHS), the Federal Bureau of Investigation (FBI) and the Federal Trade Commission (FTC) also provide cybersecurity information on their websites.

For our OSHA Review Subscribers… A checklist to help dental offices conduct a HIPAA security risk analysis is available from OSHA Review’s website, in the clients-only section under OSHA Review/Professional Documents.

OSHA Review, Inc. a registered continuing education provider in the State of California, specializing in Dental Practice Act, infection control, and Cal/OSHA training. OSHA Review subscribers in California receive updated regulatory compliance and infection control training thorough our bi-monthly newsletter.