The ADA was hacked. Here's what to do now


As you are probably aware, the ADA was a recent victim of a cyberattack. This is an unfortunate event but one that has become all too commonplace in dentistry. With these types of events, it may take weeks to determine the depth of the attack, but there are steps that you can take now to better protect yourself and your practice.

Gary Salman.

In some cases, hackers download email addresses and use them to phish additional targets: in this case, your practice. We advise you to be extra diligent when clicking on links or attachments, especially those that appear to come from state dental associations.

Please remind your employees not to click on links or attachments unless they can verify the safety of that link or attachment. In addition, if you receive an email that prompts you to enter your username and password for your email system (e.g., Google Workspace, Outlook, Microsoft 365, Office 365) or any device (a virtual private network, remote access, computer, server), do not provide that information.

10 best cybersecurity practices

Preventing the theft of your data and protecting the continuity of your business must be the primary focus for your practice. Below is a list of best practices to help enhance the security of your organization:

1. Turn on multifactor authentication.

Enable multifactor authentication (MFA) or two-factor authentication (2FA) for any application or website that supports it. MFA sends a unique code to your phone or activates a separate authentication app to validate your login.

2. Create strong passwords.

Use strong passwords everywhere. Create strong passwords using a minimum of 12 characters that include numbers and special characters like @, $, #, !, and &.

3. Don't reuse passwords.

Never use the same password across multiple websites or applications. Every website and/or application should have a unique password.

4. Use a password manager.

Utilize password management tools like LastPass or Dashlane to manage and create strong/unique passwords. These applications can automatically generate unique, strong passwords.

5. Approach remote access tools with caution.

Using remote access tools can present a tremendous risk to your organization. Make sure you use the paid business versions of these technologies as well as MFA and strong passwords.

6. Train your team.

Train your entire office on how to recognize threats such as phishing, spear phishing, social engineering, business email compromise (banking wire fraud), and proper use of removable devices. Test them using a phishing simulator.

7. Learn the difference between information technology and cybersecurity.

Understand the difference between your IT company and a dedicated cybersecurity company. Know when you might need the help of a specialist.

8. Evaluate your vulnerabilities.

Use a dedicated cybersecurity firm to evaluate your firewall(s) and perform real-time vulnerability management. This evaluation can uncover exploitable devices on your network that may expose you to a breach or ransomware attack.

9. Put your security to the test.

Have a cybersecurity specialist perform an annual penetration test to identify risks and how you can be breached. Cybersecurity specialists can also perform a security risk assessment to evaluate how and where you may be attacked.

10. Install prevention software.

A cybersecurity specialist can deploy extended detection and response (EDR) software on all computers. EDR software uses artificial intelligence to help detect and mitigate threats.

Gary Salman is the CEO of Black Talon Security, a dedicated cybersecurity company with a strong focus in the dental industry. Salman is an expert in data security, particularly as it relates to the dental industry. As a speaker and writer, he lectures nationally on cybersecurity threats and their impact on dental practices.

The comments and observations expressed herein do not necessarily reflect the opinions of DrBicuspid.com, nor should they be construed as an endorsement or admonishment of any particular idea, vendor, or organization.
