Have security contingencies in place against cyberattacks

Mar 25, 2024

Estela Vargas, CRDH.

By now, we have all heard the news that on February 21, 2024, United Health Group-owned Change Healthcare (known as Emdeon before 2015) fell victim to a ransom cyberattack that crippled several of its healthcare services in turn sending waves of panic through the healthcare industry. The attack and subsequent shutdown deeply affected those using Change Healthcare services, including many dental practices using electronic claims.

By severing digital connections, pharmacies could not fulfill critical prescriptions when needed; for dental practices, it was the downing of electronic claims processing, attachment submissions to insurance companies, and patient statements.

Dental, medical, and pharmaceutical operations were suspended without any sign of when the attack would end and operations could return to normal. The systems necessary for cash flow stopped.

On February 29, 2024, Change Healthcare confirmed the attack and the perpetrator as ALPHV/Blackcat. A $22 million ransom was reportedly paid.

Change Healthcare is working diligently with experts and law enforcement to end the attack quickly and assist those affected. The federal government says there will be financial assistance for qualified healthcare facilities affected by the attack. The federal government is investigating UnitedHealth Group following the cyberattack.

Is this an unusual event that will rarely occur once the U.S. government completes its investigation? Ask information technology (IT) experts and you will get a resounding no!

There have been many such attacks, and they are becoming more common. Even after the ransom is paid, your data may not be the same, and the perpetrator may not return what was stolen. You may not be able to open some or all of your files.

What can you do to continue operations during and after a cyberattack? The following practices can help you stress a little less until systems are back online:

Utilize payer portals or provider service lines. We have integrated payer portals and provider service lines into our processes to streamline eligibility and benefits verification for easier claims processing.
Track claims carefully. You must meticulously monitor all claims and their statuses to quickly identify and address delays or issues as they occur.
Consider paper claims forms. As a last resort, return to paper claims and send them via the U.S. Postal Service. The system is less efficient, but it's better than having a backlog of unpaid claims and no cash flow.
Write prescriptions on an Rx pad.
Print and mail patient statements.
Explore using alternative clearinghouse options for claims submissions.

Steps to prevent ransomware/cyberattacks in your dental practice

Practice owners need to beef up their security. Has it been years since you scrutinized your security system?

You may not consider your dental practice a target for cybercriminals, or you may rely on your local IT person for cyber protection. Unfortunately, cyberattacks are becoming more sophisticated and advanced security is required to protect dental offices from today's hackers.

Ransomware is designed to hold entire computer systems hostage, sometimes for weeks. To help prevent a ransomware attack, you must have a security system in place and obtain advice from cybersecurity experts. The following six steps can also help bolster your practice's defenses against an outside cyberattack:

Hire an IT specialist who is trained and certified in cybersecurity, or take a course yourself. The IT specialist should perform a risk analysis to determine where your practice is vulnerable. Keep in mind that your computer workstations, laptops, and cell phones can be hacked.
Conduct regular staff training on basic data security practices. Have your IT specialist train your team, and review the training every 90 days -- especially for your new hires. The training should include how to spot phishing emails (emails that contain vague or suspicious information and require the user to click an attachment or weblink from an unknown source that contains malware which then infects your network). Ensure that terminated employees' accounts and access are quickly disabled or removed.
Download and use full-disk encryption software. Files and databases that contain protected health information or sensitive, personally identifiable information should be password-protected. In addition, change your passwords every three months and use a two-factor authentication.
Back up your data regularly and keep an encrypted copy offsite. Having a way to access your data outside of your computer system helps prepare your practice in the event of a ransomware attack. Ensure your data can be restored, not just backed up, and verify that the data is restored regularly or hire a specialist to help you.
Update your antivirus and antimalware software daily and run it on all the computers on your network. Also, regularly check for and install security updates.
Have an assigned HIPAA security officer in your practice. If your practice is ever breached, the first question is, "Who is your HIPAA security officer?" Your officer will be in charge of seeing that cybersecurity is the No. 1 priority in your practice.

It's not your IT person's responsibility if your laptop, PC, or phone is stolen or if your team members routinely visit unsecured websites during office hours and click on phishing emails or emails with malware embedded within.

You must keep your practice safe and use the best tools available. Sometimes, this means getting the help you need from trusted sources.

References