From the Journal of the Colorado Dental Association Autumn 2024
By Robert McDermott, President & CEO, iCoreConnect
A major cyberattack on various parts of the healthcare industry serves as a wake-up call to providers regarding their security and the importance of mitigating risks. In February 2024, a major healthcare technology provider was attacked and its data held for ransom by the cyber criminals.
Unfortunately, the impact of this attack has spread like a tsunami through critical components of digital delivery, from billing, insurance verification and payments to ePrescribing.
The Change Healthcare attack of 2024 highlighted the vulnerability of sensitive patient data and the critical need for robust cybersecurity measures. As one of the largest healthcare technology companies in the U.S., Change Healthcare serves a vast network of providers, payers, and pharmacies, making it clear that malicious actors seek to exploit weaknesses in digital infrastructure.
This breach quickly impacted every level of Change Healthcare’s services, forcing the company to disconnect over 100 systems. It became clear that Change Healthcare, a business that helps process over 15 billion prescriptions a year, was hit by a ransomware attack. In addition to the significant impact on dental businesses that were unable to process payments, even more patients were unable to get medically necessary and, in some cases, lifesaving medications.
In response to the breach, UnitedHealth Group, the parent company of Change Healthcare, initiated a comprehensive investigation to assess the extent of the damage and identify the vulnerabilities that allowed the attack to occur. Simultaneously, they collaborated closely with law enforcement agencies, cybersecurity experts, and affected stakeholders to mitigate the impact and prevent similar incidents in the future.
You may think cyber criminals only attack the big organizations, but that’s not true. Attacks can happen to a business of any size. For providers, it’s a reminder that dental business security and reliability are a chain, only as strong as the security mechanisms of its most vulnerable link.
As with any attack mitigation effort, understanding the key vulnerabilities and the strategies to mitigate them is the first step:
- Unauthorized Access
  - Risk: Unauthorized users gaining access to sensitive patient information or modifying records.
  - Mitigation: Implement measures such as multi-factor authentication and role-based access control to limit system access to authorized personnel only.
- Data Breaches
  - Risk: Patient data breaches can lead to compromised confidentiality and privacy, along with the risk of crippling fines and reputation loss.
  - Mitigation: Encrypt data at rest and in transit, and use fully HIPAA-compliant email, to prevent unauthorized access. Configure a “ransomware resistant” backup to enable a quick recovery in the event of an attack. Regularly update security protocols and conduct vulnerability assessments to identify and address potential weaknesses. Employ Business Associate Agreements (BAAs) with third-party vendors and organizations to ensure their security measures are HIPAA compliant.
- Phishing Attacks
  - Risk: Phishing emails targeting staff to obtain login credentials or sensitive information.
  - Mitigation: Educate employees about recognizing and avoiding phishing attempts through regular training sessions. Implement email filtering systems or secure HIPAA-compliant email to detect and block suspicious emails before they even reach the inbox.
- Software Vulnerabilities
  - Risk: Exploitation of software vulnerabilities by malicious actors to gain access or disrupt operations.
  - Mitigation: Keep software up to date with the latest patches and security updates. Conduct regular dental business security audits and penetration testing to identify and address potential vulnerabilities proactively.
- Insider Threats
  - Risk: Malicious actions or unintentional errors by authorized personnel resulting in data breaches or system compromises.
  - Mitigation: HIPAA compliance requires the use of auditable user activity monitoring and logs to detect suspicious behavior. Enforce least privilege principles, a security measure that limits access to sensitive data and functionalities based on job roles.
- Third-Party Risks
  - Risk: Security vulnerabilities in third-party components or services integrated with ePrescribing software present a potential risk.
  - Mitigation: When selecting third-party vendors, establish clear contractual agreements, BAAs, outlining dental practice security requirements and responsibilities.
The Change Healthcare cyberattack highlights the interconnected nature of digital systems. An attack on one component can have far-reaching consequences across an entire dental network, disrupting operations and compromising patient safety. Beyond HIPAA compliance, safeguarding patient data and maintaining the trust of patients and stakeholders is paramount, and that means keeping all workflow software secure.
There are many measures you can take to ensure the safety and security of your dental practice’s infrastructure and the sensitive data contained within it. While no measure is foolproof, implementing risk mitigation efforts is required not just by law, but by your commitment to your patients, your team and your practice.
CDA endorses iCoreExchange to keep your practice safe and secure through encrypted HIPAA emails. As a CDA Enterprises Endorsed Partner, iCoreConnect is committed to protecting your sensitive data to help you stay HIPAA compliant and provide secure dental services to patients. Book a demo at iCoreConnect.com/CO23 or call 888-801-7706 to learn more. Member discounts apply.