Cyberattack Strikes the ADA
Recently, there have been more and more reports about cyberattacks affecting businesses of all sizes nationwide. The latest one affecting the dental industry struck the American Dental Association (ADA) on April 22, 2022, when hackers targeted its networks, forcing the ADA to take affected systems – web-based chat, email and telephone services – offline and commence an investigation into the nature and scope of the disruption.
The cybercriminal group Black Basta is taking responsibility for the cyberattack and claims to have started leaking member data, according to Bleeping Computer. Black Basta claims to have already released 2.8 GB of stolen data, including W-2 forms, nondisclosure agreements, personal information about ADA members, and accounting spreadsheets, comprising about 30% of what was stolen.
While the root cause of the ADA cyberattack has not been announced, ADA members should be watching for targeted phishing emails that aim to steal sensitive information. The best defense against ransomware is prevention. Once the ransomware infects the computer system and encrypts the data inside it, it is most often too late. The cybercriminal will then demand a ransom to release the data.
Cybersecurity experts warn that small and mid-sized businesses like dental practices are often targets of cyberattacks because they are less likely to have full protections in place and dedicated information technology personnel to prevent such attacks. Under the Health Insurance Portability and Accountability Act (HIPAA), dental practices also face additional problems if their patients’ protected health information (PHI) is stolen, misused, or unavailable.
Under HIPAA’s Security Rule, covered entities are required to adopt adequate means for safeguarding the confidentiality, integrity, and availability of PHI. This includes conducting a security risk assessment regularly to assess security vulnerabilities and the mechanisms currently in place to mitigate them, and then determining what additional controls, if any, should be implemented to prevent threats to PHI, including ransomware cyberattacks. For those interested in subscribing, the federal Department of Health and Human Services (HHS) publishes a quarterly cybersecurity newsletter to help HIPAA covered entities and business associates remain in compliance with the HIPAA Security Rule by identifying emerging or prevalent issues and highlighting best practices to safeguard PHI.
For our OSHA Review clients… A checklist to help dental offices conduct a HIPAA security risk assessment is available from OSHA Review’s website, in the clients-only section under OSHA Review/Professional Documents.
Since 1992, OSHA Review, Inc. has provided dental professionals with comprehensive programs to support regulatory compliance and infection control. We are a registered continuing education provider in the state of California, specializing in Dental Practice Act, infection control, and OSHA training.