4 Kinds of Cyber Attacks That Dentists Need to Know about

Posted on Sep 14, 2020 9:00:00 AM

Dental practice cyber attacks can occur without warning and cause significant damage. 

When a data breach exposes confidential patient files, it may also leave your practice open to HIPAA violations and possible legal action. Although large-scale attacks make the news more often, smaller organizations may be at greater risk for cyberattacks because they’re less likely to have robust security systems.

One of the ways to prevent dental practice cyber attacks is to make sure that you and your team are aware of the different forms of cybercrime. Looking out for the tricks and strategies that hackers use can help you protect your business, your employees, your patients, and yourself.

1. Phishing

A phishing attack occurs when the cybercriminal attempts to gain access to your system by sending an email to your team that appears to come from a trusted source. 

Common phishing attacks contain links that send recipients to disguised pages that look legitimate and request information like usernames, passwords, and even social security numbers. However, once that sensitive information is submitted, it goes to an unknown cybercriminal who can now access your systems or exploit your team’s personal information for selfish gain. 

Ways to Prevent Phishing Attacks

It’s crucial to train your team on your trusted third-party vendors and sources. It’s also important to discuss how they format their names, the points of contact you use with each vendor, and any other identification process that can help keep your business safe. 

You can also give your team a guiding rule of thumb — when in doubt, ask for verification of the sender’s identity, company affiliation, and relationship to your practice. 

2. Spear Phishing

Regular phishing attacks are general attempts to gather information or corrupt files. A spear phishing attack, on the other hand, is a researched and highly convincing attempt to obtain personal information by impersonating an individual.

Cybercriminals know that the more convincing they can make an email appear, the more likely people are to click it and follow its instructions. They may research your company’s name, your name, your email address formats, and more to create these fraudulent (though convincing) messages. 

Ways to Prevent Spear Phishing Attacks

As with general phishing attempts, you can always check the sender’s website / domain, how they spell it, how they format it, and more. For example, if the email says it's coming from someone@johndoe.org and they send you a link to johndoe.us, that’s a red flag that you’ve been targeted by a spear phishing attack.

3. Password Attacks

There are several ways cybercriminals attempt to figure out passwords. Snooping through personal information is one of the most common. 

It’s smart to instruct your team not to enter passwords, usernames, or other system credentials when patients can view a computer screen. It’s also essential for them not to write down passwords and to keep identifying documents out of sight. 

While it’s easy to trust a patient, especially one whom you’ve known for years, you never know who has malicious intent or the ability to exploit that essential information. 

In addition, hackers sometimes use online games to collect sensitive information from people, which they then use to guess passwords and “brute force” their way into your systems. They may also employ a "dictionary attack," which uses a sequence of common passwords to attempt a data breach.

Ways to Prevent Password Attacks

To prevent hackers from making continuous random guesses to gain access to your system, you can set up an account lockout policy that locks someone out of your internal systems after a series of incorrect guesses.

For your team, this could be a minor inconvenience if they forget their passwords. For cybercriminals, it may be a permanent block that keeps them away from your important information.
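A small model of such a lockout policy, as an added example that is not part of the original article. The threshold, time window, lockout duration, account names and login events are all assumed or constructed values; it replays a run of repeated guesses and a staff member's mistyped password through the same rule.

```python
from collections import defaultdict

MAX_FAILURES = 5            # assumed threshold; the article gives no number
WINDOW_SECONDS = 15 * 60    # assumed: failures older than this are forgotten
LOCKOUT_SECONDS = 30 * 60   # assumed: how long the account stays locked

class LockoutPolicy:
    def __init__(self):
        self.failures = defaultdict(list)  # account -> timestamps of recent failures
        self.locked_until = {}             # account -> time at which the lock expires

    def attempt(self, account, password_ok, now):
        """Return 'locked', 'ok' or 'denied' for one login attempt at time `now` (seconds)."""
        if self.locked_until.get(account, 0) > now:
            return "locked"                # even a correct password is refused while locked
        if password_ok:
            self.failures.pop(account, None)
            return "ok"
        recent = [t for t in self.failures[account] if now - t < WINDOW_SECONDS]
        recent.append(now)
        self.failures[account] = recent
        if len(recent) >= MAX_FAILURES:
            self.locked_until[account] = now + LOCKOUT_SECONDS
            self.failures.pop(account, None)
        return "denied"

def replay(events):
    """Run (time, account, password_ok) events through a fresh policy."""
    policy = LockoutPolicy()
    return [policy.attempt(account, ok, t) for t, account, ok in events]

# Constructed events: one guess per second against "frontdesk"; guess 8 is the right password.
ATTACK = [(t, "frontdesk", t == 8) for t in range(1, 11)]
# Constructed events: a staff member mistypes twice, then gets it right.
STAFF = [(0, "hygienist", False), (20, "hygienist", False), (45, "hygienist", True)]

if __name__ == "__main__":
    print(replay(ATTACK))
    print(replay(STAFF))
```

The eighth guess in the constructed run is correct but arrives after the lock, so it is refused, while the staff member's two typos stay under the threshold and never trigger a lock.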

4. Malware Installation

Malware is a portmanteau of “malicious software.” It’s installed on computers in your practice’s network without your knowledge and consent, setting the stage for a future cyberattack. 

There are many different types of malware: 

  • Trojans, which are viruses disguised as helpful programs to get you to install them
  • Adware, which prompts unsolicited advertisements on your computers
  • Worms, which provide cybercriminals with ways to manipulate and exploit your systems
  • Ransomware, which encrypts your practice’s files and forces you to pay to have them unencrypted
  • Keyloggers, which record keyboard inputs from your computers and report them back to an unknown watcher
  • And more. 

Ways to Prevent the Installation of Malware

One of the ways to prevent malware is to make sure to keep your systems and your anti-virus software up to date so that malware cannot enter. 

You will also want your IT team to make regular backups and audit your system routinely for evidence of suspicious activity.

Preparation as a Line of Defense

Mounting a good defense against cyber attacks means understanding what you're up against and taking routine action to keep your IT systems free of corruption. But what happens if cybercriminals get through to your systems, even despite your best efforts? 

That’s where data breach coverage can help. 

Data breach coverage may help protect you from the fallout of a cybercriminal breaching your internal systems, stealing patient data, and more. Getting it for your practice is often as easy as adding it to your business owner’s protection policy, or purchasing a stand-alone data breach policy. 

To learn more, read our data breach protection page.


Treloar & Heisel and Treloar & Heisel Property and Casualty are divisions of Treloar & Heisel, LLC.

Insurance products are offered through Treloar & Heisel, LLC.

Treloar & Heisel, LLC. and its divisions do not offer legal or IT advice. Please consult a professional concerning these topics. This content is intended for general informational purposes only and is not to be construed as advice.

20-074
