Recent studies show the following:
- Out of five industry categories, the medical/healthcare industry had the most data breaches in 2014 -- for the third year in a row -- totaling 41.5% of all security breaches last year.
- Medical identity theft has nearly doubled in the past five years, according to a 2014 study by the Medical Identity Fraud Alliance (MIFA).
- The MIFA study also found there were almost 500,000 more victims of medical identity theft in 2014 than in 2013.
Jonny Brennan, MD, DMD, MPH, is the associate dean of informatics, innovation, and community partnerships at the Arizona School of Dentistry and Oral Health.
Why are your dental records so valuable to data thieves? Because just one patient record contains a treasure trove of identity information that hackers can exploit, including the following:
- Full name and birth date
- Social Security and Medicare numbers
- Home and email addresses
- Names of parents and other family members
- Work and home phone numbers
- Photos, prescriptions, and more
Some dental records also include payment information, such as driver's license, credit card, and bank account numbers. These records bring top dollar on the black market. Just one Medicare number can sell for close to $500.
Among the many hacker techniques, which range from viruses to Trojans, worms, and other malware, a new type of attack has emerged, generally referred to as "ransomware." This is a fairly targeted technique in which attackers take advantage of the inherent value of patient records by locking them in some way, such as by encryption, and demanding that a ransom be paid to receive unlocking instructions. For a practitioner, such a scenario is a nightmare that should be avoided at all costs.
In addition to the HIPAA regulations that mandate protection for patient records and impose stiff fines for data breaches, theft of your practice data threatens the continuity of your business. It destroys your patients' trust.
To protect your practice from hackers and avoid data theft, follow these steps:
1. Educate your staff
Your employees are your first line of defense against data theft. Make sure they understand your practice security policies, how data breaches might happen, and how to keep patient data safe.
2. Protect mobile devices
Keep track of your practice's mobile devices -- never leave them unattended. Protect all mobile devices with passwords, and encrypt any sensitive data stored on tablets, laptops, smartphones, and flash drives.
3. Extend security policies to your business associates
Any outside vendor or business associate, such as labs, pharmacies, and consultants, with access to your patient information also must follow your security and data privacy policies. Make data protection part of their business associate agreements.
4. Be wary of email
Don't open email from unknown senders. Many attempts to obtain private data occur via information-seeking messages, a technique commonly referred to as "phishing." If you do open an unsolicited email, do not follow any Web links embedded in the message. Never open an email attachment from an unknown sender.
5. Keep your system software and antivirus programs up to date
Regularly check for software updates, and apply patches as soon as possible.
6. Protect your network server
Make it difficult to physically remove your network server from your office. Attach the server to a table, a wall, or the floor with metal cables bolted to a metal plate. Enclose the server and backup/storage devices in a locked cage. Encrypt the data on all your devices. Ensure that any devices that connect to the Internet are behind a properly configured firewall to restrict external access.
Jonny Brennan, MD, DMD, MPH, is a general dentist and an owner of Brennan Dental in Chandler, AZ. He serves as associate dean of informatics, innovation, and community partnerships at the Arizona School of Dentistry and Oral Health and is also a consultant for Dentrix Ascend.
Copyright © 2016 DrBicuspid.com