Starting the Year With Good Cybersecurity

Starting the Year With Good Cybersecurity. Image credit: © Leonardo – stock.adobe.com

Traditionally, I have devoted the first column of the year to coming up with a set of resolutions for the new year—things offices should be doing and reevaluating to start off on the right foot. This year will be no different.

One of the challenges many practices face when it comes to technology systems is that when things are working as expected, they tend not to think about them or do a deeper dive into those systems. This is like the bombed-out tooth with subgingival decay; even though the crown may look perfectly normal, there are problems under the surface that need to be identified and resolved. So, in that spirit, I wanted to give dental offices a high-level overview of what they can and should do to be more proactive. A deeper dive into these areas will appear in future issues.

1. Strive to become more compliant with the Health Insurance Portability and Accountability Act (HIPAA). I have been lecturing on and writing about HIPAA for almost 15 years, but for reasons that are unclear, many practices do not take HIPAA compliance seriously. I often hear from dentists who do not believe they are at risk, or they cannot justify the costs, or have numerous other reasons for deciding to put HIPAA compliance on the back burner.

Speaking to my clients who have gone through HIPAA audits, this approach is not in your best interests. HIPAA audits are no joke; even first-time offenses can draw fines of $50,000 to $100,000, and if it is determined that there was willful neglect, those fines can be raised exponentially.

You would not treat a patient without diagnosing and treatment planning first; HIPAA is no different. Do a formal risk assessment annually and develop a HIPAA management plan to address issues you find. Then resolve those issues, because knowing what they are is just half the battle.

2. Make sure your backup and disaster recovery system is intact and working. One thing I highly recommend is doing regular test restores of your data; I have seen many instances in which the software verified that the backup was working when in fact it was not. There are plenty of ways to do a test restore. One I have always recommended is to just restore on a laptop or home PC.

The other reason I recommend test restores is that you want to see how long it takes to be up and running from a server going down. This should be measured in minutes or an hour or 2, not days. You can run this test by simply turning off your server and seeing how quickly you can be functional again.

3. Get a better handle on your cybersecurity. As I have mentioned in many previous articles, ransomware is the biggest threat to dental offices and pretty much any other industry—more than the Occupational Safety and Health Administration, more than insurance, more than anything. Within seconds, you can lose access to everything you spent decades building.

You need to have a plan in place to protect your practice from ransomware. Typically, this would include a business-class firewall, antiransomware software, and a new technique I discussed last year called application whitelisting.

Ignoring your information technology systems and hoping that they are working well is not a long-term solution for dental offices. I recommend doing a reevaluation on a quarterly basis but if that does not work, then doing it at the beginning of the year is always a great idea.