A recent report from cybersecurity firm Tenable – reviewing the entirety of 2020’s healthcare data breaches (along with the first two months of 2021) – finds ransomware attacks to be the most prominent root cause of healthcare breaches, accounting for 54.95% of all attacks.
Ransomware attacks are the number one cybersecurity threat to healthcare organizations – and dental offices are no exception.
Cybercriminals Target Dental Offices
As a dental practitioner, you know first-hand the fears people have of visiting the dental office. For some, it’s a mild anxiety – for others, it’s a fully-fledged phobia, leaving one-third of the US population avoiding trips to the dentist altogether.
However, while certain technological advances are improving patient experiences, minimizing discomfort and helping people overcome their dental fear – laser dentistry, 3D printing, intraoral scanning and so on – the unfortunate fact is that some of these same advances leave dental offices more vulnerable to cyberattacks.
For one thing, these devices can be difficult to secure and offer a potential entry point for cybercriminals looking to launch an attack on your network or steal patient data.
Dentists have a treasure trove of highly valuable patient data containing names, addresses, social security numbers, credit card details and other sensitive information that can be sold on the dark web for up to $1,000 per record – making them an attractive target for cybercriminals. The result is that if dental practitioners don’t take adequate cybersecurity measures to protect their networks, patients could end up trading one fear for another. Instead of getting anxious about drills and needles, they’ll avoid the dental office for fear of having their identities stolen.
Ransomware attacks are another huge concern for dentists with poor device and network security. Dental practitioners, of course, are bound by HIPAA – which stipulates that all PHI data must be protected at all times. This includes protection against loss, theft, or cyberattack.
All connected devices have vulnerabilities that cybercriminals can exploit – and that’s in addition to the persistent threats of social engineering, phishing emails and various other vulnerabilities in computer operating systems that can give a hacker the keys to your office network and let them hold your files to ransom.
What Are Ransomware Attacks?
Ransomware is a type of malware that encrypts files on a victim’s computer. The attacker will then demand ransom payment from the victim in order to obtain a decryption key that will restore the files.
In most cases, the victim must pay the ransom within a certain period of time or risk losing the files forever. The ransomware threat is indeed growing in the online world – and cybercriminals have targeted dental offices in the recent past. In 2019, for instance, a ransomware attack hit a dental IT vendor with a form of malware that spread to 100 dentistry businesses. The attackers demanded $700,000 to provide decryption keys.
How Do Ransomware Attacks Happen?
Ransomware attacks happen when a cybercriminal gains access to a computer or other connected device and then locks the device or encrypts the data stored on it. This can happen when a cybercriminal is able to hack a poorly-secured device remotely, or when someone mistakenly downloads the malware via a phishing email attachment or link to a malicious website.
Once installed, the ransomware then holds your files hostage – and there’s no guarantee your data will be restored, even if you do pay the ransom. The frightening thing is that ransomware attacks are extremely easy to launch – even by amateur attackers with few computer skills. Ransomware-as-a-Service (RaaS) software, for example, can be accessed for a small subscription fee on the dark web.
As cybersecurity company UpGuard explains, “Like all SaaS solutions, RaaS users don’t need to be skilled or even experienced to proficiently use the tool. RaaS solutions, therefore, empower even the most novel hackers to execute highly sophisticated cyberattacks.”
Types of Ransomware
Though many different variants of ransomware have emerged over the years as the malware has evolved, they fall into two main types: crypto ransomware and locker ransomware.
Crypto ransomware encrypts files on the device, so they become unusable. Cybercriminals then use the software to generate income by demanding victims pay a ransom to recover their files.
Locker ransomware, meanwhile, does not actually encrypt files. Instead, it locks the victim out of their device, leaving all files on it inaccessible. Again, victims must pay a ransom to regain access.
How to Prevent Ransomware Attacks
The nature of ransomware means that cybercriminals can choose their targets. Given that healthcare businesses like dental offices are naturally rife with valuable patient data that those businesses are legally bound to protect, it’s no surprise that cybercriminals are increasingly targeting them.
To prevent ransomware from affecting your business, there are three crucial rules to live by – back up, update and educate.
The very best way to avoid being locked out of your critical files is to ensure you always have backup copies of them. These copies should be located offsite with a HIPAA-compliant cloud provider. This way, if you do get attacked with ransomware, you can restore all your files from backup, get your business back up and running in a matter of hours and never have to pay a ransom. In fact, with a trusted backup and disaster recovery plan in place, 96% of companies can survive a ransomware attack.
Always make sure your cybersecurity software is kept up to date on all your devices. All of them. Anti-ransomware and anti-malware providers regularly release updates to their software to keep one step ahead of cybercriminals. Make sure you regularly install these updates, as they will come with new security features and patches to keep your systems safe.
Provide regular cybersecurity awareness training for all members of your organization. Everyone needs to be educated on how to recognize and avoid social engineering and phishing attacks. What’s required is constant vigilance, as any link or email attachment from an unknown source could potentially initiate a ransomware infection.
Ready to Back Up Your Data to the Cloud?
Ransomware is a real threat to all dental practices and it isn’t going away any time soon. While there is no way to stop cybercriminals targeting your office, you can take the proper steps to ensure your files are always protected by backing them up in the cloud.
Central Data Storage offers a fully supported and HIPAA-compliant Backup and Recovery solution for effortless data protection. With unlimited storage capacity and beyond-military-grade encryption for all your files both at rest and in transit at our secure data center, your data will never fall into the wrong hands and you’ll never have to pay a ransom.