By Robert McDermott
From the Fall 2018 Journal of the Colorado Dental Association
There are reports from around the country about dentists being hacked. One dentist reported that her patients received “aggressive” emails telling them they owed money for services they never received. Those patients were told to send money immediately. The practice had been hacked.
Hackers know they can go after Gmail, Outlook, Yahoo!, etc. because those communications exist on a public domain. That makes the messages and the Protected Health Information (PHI) they contain accessible to hackers.
How do you protect yourself?
Take appropriate technical compliance steps:
- Store your data in secure, private data centers, rather than on your practice computer.
- Comply with federal law, including the federal government’s five HIPAA Technical Safeguards:
  - Transmission Security: PHI is encrypted at the highest levels when shared
  - Authentication: Senders and recipients are always verified
  - Access Control: Only authorized persons can view secure data
  - Integrity: PHI is unaltered and protected
  - Audit Control: All user access and activity is tracked in detail
Exercise caution with emails:
- Educate your staff to immediately stop and assess the situation anytime a suspicious link or information request comes through email.
- If possible, contact email senders outside the email thread to ask about links or attachments in an email that appear unusual in any way (strange subject lines, unusual wording or topics, etc.).
- Even if the email looks legit, make sure your team raises the question prior to sharing any confidential information, like account details.
It’s not just you and your computer affected by hackers. The moment you click on a malware link, you hand a hacker a key to access and take down your entire practice. You may even reveal pathways for them to victimize your colleagues and other contacts. But don’t panic; by following the tips above, you can keep your practice and your patients’ information safe.
Robert McDermott is the president and CEO of iCoreConnect, endorsed by the CDA. iCoreExchange not only meets but exceeds all five technical safeguards and all data is protected on its own private domain and server.