Just Wait for the Cavity: Dental Cyber Security
Dental Cyber Security is kind of like, well, being a dentist. You’re in your patient’s mouth. The red flags are clear as day: calculus buildup going back to pre-fluoride Woodstock days. Severe dentin erosion, onset of gingivitis, gums retreating like Arctic glaciers. But there is no actual decay yet. No cavities to drill or crowns to fill, no stains to cap or roots to tap. Absolutely. Nothing. Profitable!
So what do you tell the patient? That’s easy…
“Looks good! Come see me when that molar finally cracks.”
Of course that’s not what you say, but that is roughly how it sounds to me when a practice director tells me that they invest minimally in ongoing preventative cyber security because nothing truly bad has happened yet with their practice data. In other words, Just Wait for the Cybercrime Cavity and spend ten times as much recovering.
But I would never advise you to wait for the cyber decay, and you would never advise your patients to hold off on brushing, flossing and regular dental checkups. Nor should you wait to implement regular dental cyber security. We are both in the prevention business and we are building long-term relationships that have a great LTV. There are enough patients to keep us both in business with bad hygiene, so we can focus on doing our job well and stopping the problem before it takes root. That preventative mindset will save you approximately $380 per patient record, which is the average cost of breach recovery in the health industry (excluding reputation damage and customer attrition).
Here are what I consider to be the 5 Most Pressing Cybersecurity Vulnerabilities in Dentistry:
- Outdated operating systems (Windows XP/2000) and unpatched operating systems, software and apps
- Weak spam filtration and barely-existent employee training that leads to email-based phishing attacks
- Poor data backup and recovery planning that allows ransomware to lock and destroy patient and financial data
- Lack of solid encryption on data at rest (on servers), in transit (to patients, vendors) and in the cloud (practiced management software) that allows easy access to hackers
- Credential hacking of cloud data due to lack of 2-factor authentication and password managers
When your practice begins to protect patient data in the same way that you ask patients to protect the health of their mouth, you have just discovered a critical competitive advantage for patient acquisition and retention. Your patients want to know that their data is safe in your hands. Here are some additional resources to help you take the next steps in protecting your practice data:
- Sileo’s Cyber Security Roadmap – a step-by-step visual guide to protecting your most valuable data assets
- The CIS Cyber Security Controls Framework – highlighted by me for a crash course on cyber security threats & solutions
- Improving the Performance of Your Security Awareness Training (if you even have such a program – if not, it’s time to start)
- Top 10 Internet of Things Threats & Solutions that will impact the dental industry
What are the greatest gaps you see in Security Awareness Programs? Please share your brilliance below.
John Sileo loves his role as an “energizer” for cyber security at conferences, corporate trainings and in industry study clubs. He specializes in making security fun, so that it sticks. His clients include the Seattle Study Club, the Pentagon, Schwab and many organizations so small (and security conscious) that you won’t have even heard of them. John has been featured on 60 Minutes, recently cooked meatballs with Rachel Ray and got started in cyber security when he lost everything, including his $2 million software business, to cybercrime. Call if you would like to bring John to speak to your members – 303.777.3221.