As a practicing dentist, you understand the importance of taking care of your equipment. And it’s a no-brainer that you have to take care of your patients and staff. But how much thought have you put into taking care of your data?
If you think your practice is too small to be a target for hackers, you’re fooling yourself: nearly two-thirds of all cyberattacks these days are directed at small businesses … and that includes yours.
And whether you realize it or not, you have a lot to lose. We keep important client information on our computers: names, addresses, phone numbers, and sometimes more. Can you imagine those clients’ faces if we had to say, “Sorry, my computer was hacked, and your info is now on the Dark Net”? It’s a lawsuit waiting to happen.
According to Lloyd’s of London, the estimated cost of cyberattacks is $400 billion annually … and that number is predicted to jump to nearly $2 TRILLION by the end of this year. One financial tech expert called the impending disaster an “ecommerce Armageddon.”
And that’s all for a typical retail business; as medical practitioners, we also have to consider the impact of HIPAA. A data breach of sensitive medical information can produce massive fines and possibly criminal penalties if you are found to be negligent. Even if you’re in the clear as far as blame, the average cost per compromised healthcare record is around $400. Multiply that number by the number of patients—even just one-time patients—in your practice, and it quickly becomes obvious that the final result could be devastating.
If knowing all this doesn’t cause you a little anxiety, you might want to re-read it. The question, of course, is whether there is anything you can do about it.
Of course there is.
In reality, there are multiple steps you can take, most of them fairly simple. First and foremost, you need to protect your practice and its computer systems using things like firewalls, virus protection, server monitoring, and data encryption. You should also perform regular security risk assessments to identify “weak links” where your data could be vulnerable.
Any cybersecurity software you install should run through the cloud (as opposed to a local server) and needs to go on all of your computers and any mobile devices such as tablets you might use in your practice.
Automated computer backups are a good thing, too. Again, whenever you do this, you should move data to the cloud—although it never hurts to have a back-up of the back-up on a portable drive you keep in a safety deposit box or somewhere else off the premises.
One thing you have to be especially vigilant about is credit card data. It’s great to have the ability to integrate credit card payments with your practice management systems, such as Dentrix. But keeping credit card data on-site is just asking for trouble, either from hackers or HIPAA. Again: thieves can’t steal it if you don’t have it.
Other proactive steps you can take:
- Invest in cyber liability insurance
- Train staff to spot the warning signs of “phishy” emails
- Enable two-factor authentication
Some 60% of smaller businesses go out of business after a cyberattack. Don’t become a statistic: take steps now to ensure your data’s security.
In a future post, I’ll talk more about HIPAA and credit card processing.