You can never be too careful.
Earlier this month, I received an email to my business account from a client asking me to open a link to a pdf document. It seemed suspicious, and since I advise clients not to open attachments attached to unknown or unusual emails, I emailed back the client, asking if it was legit. “He” replied to my email that he did in fact send it, and that I should “check it out”. I therefore tried to open it, but needed my password, which I thankfully did not have on hand. I again emailed him back asking if he could send whatever it was directly, not in an attachment. Subsequent to my second email, I received an email back from my client saying he had been hacked and to not open anything from him.
I thought I had been diligent enough by emailing back my client the first time inquiring if he had sent me the email. What I learned is that these criminal hackers are getting more and more sophisticated. In retrospect, I should have called the client directly and asked him if he had sent the email.
Coincidentally, the following week I received an email from my bank with tips on protection from cyberattacks. Some of the tips include:
- Make sure you know with whom you are communicating. – This would have helped me with my scenario above.
- Report suspicious texts and emails.
- Don’t download any unknown software or click on unknown links.
- Layer your protection with, at a minimum, strong passwords and multifactor authentication.
- Watch out for phishing attempts.
- Monitor your online accounts regularly.
- Train staff on cybersecurity and how to mitigate cyberthreats. – Under the US Health Insurance Portability and Accountability Act (HIPAA), this training is required for staff who have access to protected health information (PHI).
Under HIPAA’s Security Rule, covered entities such as dental offices are required to adopt adequate means for safeguarding the confidentiality, integrity, and availability of PHI. To this end, dental offices are expected to conduct a security risk assessment regularly to assess security vulnerabilities and the mechanisms currently in place to mitigate them, and then to determine what additional controls, if any, should be implemented.
For our OSHA Review Subscribers… A checklist to help dental offices conduct a HIPAA security risk analysis is available from OSHA Review’s website, in the clients-only section under OSHA Review/Professional Documents.