Running a private dental practice requires the protection of patients’ private medical and financial information so that it doesn’t fall into the hands of criminals seeking to exploit this valuable data. As we have just recently seen with the Equifax data breach, serious and lasting consequences can occur when businesses fail to take the appropriate steps to protect customer information.
While a dental practice may not seem like a prime candidate for the attention of cyber criminals, healthcare websites actually rank as some of the most common targets for hackers. In 2015, Forbes ranked healthcare as the most cyber-attacked industry, ahead of both financial services and government sector websites.
Healthcare IT News reported that the healthcare industry occupied the top three spots out of the seven largest data breaches that occurred in 2015. This led 63 percent of healthcare-related businesses to state they planned on spending more on cyber security in 2016 than they had in previous years. Despite these planned efforts, 2017 has already seen a number of serious data breaches in a variety of healthcare industry businesses, both big and small.
MongoDB, a popular open source database, had 26,000 servers breached, leading to a ransom demand by hackers for the release of the stolen data. Medical Oncology Hematology Consultants, a private practice in Newark, DE, had over 19,000 patient records stolen by hackers, while Mid-Michigan Physicians Imaging Center, a member of the McLaren Medical Group, had over 106,000 patient records stolen. The list goes on and on.
What these types of security breaches teach us, however, is that no medical practice can consider itself safe simply because “we’re too small to matter.” Cyber criminals seek to exploit vulnerabilities in data security regardless of the size of a business. Smaller practices make for even more enticing targets as they have minuscule security budgets when compared to major healthcare corporations.
Tech-savvy patients want to feel as if their information is secure when visiting a dental website, especially when providing sensitive information, such as credit card details, medical history, and email addresses. If a data breach occurs during the transfer of this type of information, it can permanently destroy not only the bond of trust between the patient and doctor, but the practice’s reputation in the community as a whole.
Patients place their trust in your skill as a dentist when sitting down in the dental chair. They demand that same level of assurance when visiting your website. This is why dental practice security of your online platforms is so vital to your practice’s reputation and to protecting your patients’ privacy. Failure to make this commitment can lead to hundreds of thousands of dollars in fines, HIPAA violations, and civil lawsuit damages.
Dental Websites Are Easy Targets for Hackers
There are two primary reasons why healthcare ranked as the most hacked industry just two years ago. First, hackers view small practice websites as easy targets, especially compared to major corporations that spend millions annually on cyber security. Second, patient electronic health records (EHRs) are incredibly valuable.
Dental practices store a vast amount of valuable patient information that includes names and addresses, phone numbers, banking details, dates of birth, medical histories, and Social Security numbers.
Early in 2017, Becker’s Healthcare, a legal and business resource for the healthcare industry, reported that data breaches were costing the U.S. healthcare industry over $6 billion a year. The patient data security firm Protenus describes patient data as a “virtual goldmine” for cyber criminals. That’s because EHRs contain a complete ID kit, providing hackers with all the information needed to steal a patient’s identity and do major financial and personal damage.
Digital identity theft allows criminals to sell a patient’s information on the black market, purchase medical equipment or drugs they can later resell, and make fraudulent insurance claims. Victims of identity theft face major obstacles trying to repair the damage done by criminals. When a credit card number is stolen, you simply cancel the card. But when a hacker steals your identity, it can be repeatedly sold to criminals who can use that information to carry out untraceable transactions over and over.
The need for improved dental practice security was driven home in 2015 when the personal information of over 150,000 patients was stolen from an Oregon dental practice after hackers infected the practice’s computers with malware. The dental practice was required to provide patients with identity theft protection and credit monitoring services.
Finally, EHRs offer cyber criminals data that’s usually worth ten times more than financial information alone. While credit card and bank account numbers offer a limited opportunity for theft, EHRs can be bundled together in different packages that are quite attractive to criminals on the Dark Web looking to purchase sensitive personal data. Why steal a few dollars from a bank account when stealing a person’s identity offers far more financial access?
Protecting Your Dental Practice Security
Website security largely comes from Secure Sockets Layer (SSL) or Transport Layer Security (TLS). These technologies create a coded connection between a web server and the user’s browser. SSL creates two cryptographic constructs – a private and a public key – that allow the web server to establish a secure link between the user’s browser and the website. However, SSL security cannot prevent hackers who attack servers and computers directly from obtaining information, so the server itself requires its own layer of security and the computer needs its own set of antivirus software installed.
You can determine whether a secure connection is in place if a website’s URL is preceded by “Secure | https.” HTTPS, or Hypertext Transfer Protocol Secure, is designed to protect information as it’s being sent from a computer to the site it’s connected to, using encryption that secures all data being transferred between the browser and website. This type of protection codes data, making it unreadable to anyone on the outside trying to look in. To translate the code, you need a password or key. This makes HTTPS the best method for securing information transfers online.
If your dental practice electronically transfers patient information, you’re required by law to provide adequate online security. Under the Security Rule of the Health Insurance Portability and Accountability Act (HIPAA), safeguards are required to ensure the integrity and safety of all health information submitted online.
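A page can show the HTTPS indicator and still contain a form that submits patient data to a plain http:// address. The following check is an added example, not code from the original article; the field-name hints, the sample HTML and the smile-dental.example host are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed field-name hints for the data the article lists; adjust per site.
SENSITIVE_HINTS = ("card", "ssn", "dob", "birth", "medical", "email", "password")

class FormAudit(HTMLParser):
    """Collects each <form> with its resolved action URL and sensitive field names."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []
        self.current = None  # form currently open, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits back to the page's own URL.
            action = urljoin(self.page_url, a.get("action") or "")
            self.current = {"action": action, "sensitive": []}
            self.forms.append(self.current)
        elif tag in ("input", "textarea", "select") and self.current is not None:
            name = (a.get("name") or "").lower()
            if a.get("type") == "password" or any(h in name for h in SENSITIVE_HINTS):
                self.current["sensitive"].append(name)

    def handle_endtag(self, tag):
        if tag == "form":
            self.current = None

def insecure_forms(page_url, html):
    """Return the forms that would send sensitive fields without HTTPS."""
    audit = FormAudit(page_url)
    audit.feed(html)
    return [f for f in audit.forms
            if f["sensitive"] and urlparse(f["action"]).scheme != "https"]

# Constructed sample page: three forms on a hypothetical appointment page.
SAMPLE_HTML = """
<form action="http://smile-dental.example/book" method="post">
  <input name="patient_email"><input name="card_number">
</form>
<form action="/newsletter" method="post"><input name="first_name"></form>
<form method="post"><input name="date_of_birth"></form>
"""

if __name__ == "__main__":
    for f in insecure_forms("https://smile-dental.example/appointments", SAMPLE_HTML):
        print("sensitive fields sent without HTTPS:", f["action"], f["sensitive"])
```

Forms with a relative or missing action inherit the scheme of the page they are served from, so the same markup served over http:// would flag the date-of-birth form as well.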
Despite this requirement, however, 21 million patient health records have been stolen since 2009, according to the Department of Health and Human Services (DHHS). To ensure compliance, the DHHS’s Office for Civil Rights actively conducts random audits of relevant websites, with an average fine of $1.1 million for those found to be non-compliant.
Local Fresh Can Help to Strengthen Your Dental Practice Security
In addition to satisfying your legal requirements, a secure dental website offers your practice a number of benefits.
Having a website users can feel confident in when providing sensitive information can help to generate more patients. When a potential new patient visits your website and sees the presence of a security certification, they can feel assured when making an appointment request online. If your site does not offer any indication that security of data is present, the patient will probably look elsewhere for treatment.
Additionally, dental practices that protect patient information actually get a boost to their search engine rankings. Google improves the search results for websites that actively use encryption to protect user engagement. While the boost this provides is relatively small right now, it’s expected to increase in the future. Chrome, Google’s web browser, will actually show a lock and a red “X” over any websites it views as potentially unsafe for the user.
If improving your dental practice security is an area you’d like to focus on but you don’t know where to start, Local Fresh can help. Our team of web developers can help provide you with the insight and information needed to help protect the interests of you and your patients. Click here to learn more about how Local Fresh can help improve the security of your dental practice website.