"Month-long email hack on Ohio Dental insurer impacts patient data.”
“Colorado ransomware attack leaves 100 dental practices without access to patient data.”
“Practice reports ransomware attack to its patients.”
These are just three of the headlines from 2019 about cyberattacks against dental practices.
This is not surprising given the rise of attacks against small businesses. According to the Verizon 2019 Data Breach Investigations Report (DBIR), 43% of cyberattacks target small businesses. Among the findings were the majority (69%) of the attacks proved to be the work of outsiders 39% of which originated from organized criminal groups. 52% of the breaches resulted from hacking while social attacks (33%), malware (28%) accounted for the majority of the criminal activity. 15% of attacks impacted healthcare organizations, and alarmingly, 56% of breaches took months or longer to discover.
A Small Business Trends study revealed additional cybersecurity statistics that all small business owners should know.
- Only 14% of small businesses rate their ability to mitigate cyber risks, vulnerabilities, and attacks as highly effective.
- 60% of small companies go out of business within six months of a cyberattack.
- 48% of data security breaches are caused by acts of malicious intent. Human error or system failure account for the rest.
- Small businesses are most concerned about the security of customer data.
What’s also not surprising is why criminals have targeted small dental practices. Keeping current with cybersecurity best practices is a daunting task for dentists who either lack the expertise, time or resources to fully protect themselves. Outsourcing is an option, but that often comes at a high cost and is no guarantee against attacks.
Plus, in the case of the ransomware attack, some dentists were contacted by outside IT consultants selling specialized IT and identity restoration services in the wake of the incident, even though they were not familiar with the incident detail or the systems used in the practices. When held hostage in this type of attack, this offer can be tempting and expensive.
Cybersecurity Risks Associated with On-Site Servers
In general, there are two distinct areas where practices are vulnerable. Since a cybersecurity event can paralyze your business, you must have an effective data backup and security strategy in place to recover from such an event. Keep in mind that as a healthcare provider the responsibility for cybersecurity is 100% yours. Chances are you didn’t know you were signing up for that when you started your own dental practice.
Second, in their prime, on-site servers were considered the best way to have control over your practice’s records and data. Not anymore. While it’s not hard technically to back up a networked device, there’s plenty of room for human error; and the data itself is likely vulnerable unless you invest time and money to build and maintain a proper data security strategy.
Cybersecurity Protection Costs Drive Up Overall IT Spend
While the costs to protect against attacks vary based on the size of the business, estimates of what companies currently pay range from an additional 5.6% to 20% of the company's total IT spend. Typically the additional costs are directed towards network and website vulnerability identification and management, and regular scanning and testing which includes dark web scanning and ethical hacking.
Why More Dentists Are Moving to Cloud Technology
The moral of the story is that cyberattacks are real and are not confined to large organizations anymore. Moving to the cloud with the right partner will minimize your risk of patient data breaches and reduce your cost for the hardware and software necessary to manage your practice. On top of these benefits, the cloud alleviates server-based technology issues that cost you time and money. In fact, operating from the cloud enables companies like Curve Dental to continuously integrate the latest security technology for you, ensuring your data is always safe. In addition, security concerns aren’t what they used to be, and studies confirm the cloud is safer than storing information on-premise. Salesforce.com reports that 94% of businesses experienced an improvement in security after moving to the cloud.
The facts are clear. Dental practices that move to the cloud are less vulnerable to cyberattacks and can protect themselves much more cost-effectively than those who use a server-based system. Given the recent uptick in attacks against dental practices, that’s considerable peace of mind.
