Identity theft expert Mark Pribish offers guidance on how to recognize and avoid cyberattacks to help safeguard employee and customer information.
Mark Pribish defines terms to help your office recognize and avoid cyberattacks
Most people think identity theft is a problem for the individual consumer only. However, based on “The latest healthcare data breaches in 2019 (https://portswigger.net/daily-swig/the-latest-healthcare-data-breaches-in-2019),” identity theft and data breach events have become a significant compliance and risk management issue for all business sectors, including dental offices and dental patients.
As an orthodontics practice, you need to pay attention to the unprecedented rash of data breaches and focus on identifying gaps and vulnerabilities to improve your cybersecurity posture to defend against cyberattacks.
That said, let’s begin with four basic information security and governance fundamentals in the orthodontist industry:
- Orthodontists handle Personally Identifiable Information (PII), including social security numbers, credit card information, bank account information, driver’s license numbers, birth dates, and private health insurance information.
- Orthodontists use e-mail, computerized accounting, and electronic procurement to store and transfer employee, customer, and member data within and outside their computer networks.
- Orthodontists fall into the healthcare business sector, where healthcare data breaches will cost the sector $4 billion this year, with hackers outpacing the security technology and processes of provider organizations.
- Healthcare organizations, including orthodontists, face financial penalties when a data breach occurs and are accountable to the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH).
If these four points do not heighten and amplify your concern for your orthodontic practice for better information security and governance, then maybe Experian’s 2020 Data Breach Industry Forecast (https://www.experian.com/content/dam/marketing/na/assets/data-breach/white-papers/Experian-Data-Breach-Industry-Forecast-2020.pdf) will.
According to Experian, “Cybercriminals will get more creative in 2020, harnessing technology and advanced tactics to cause disruption for businesses, governments, and consumers.”
Experian stated the top data breach trends of 2020 include the following:
- “Cybercriminals will leverage text-based ‘smishing’ identity theft techniques to target consumers participating in online communities, such as those supporting presidential candidates, with fraudulent messages disguised as fundraising initiatives.”
- “As cities install more free public Wi-Fi systems, hackers will take to the skies via the use of readily available drones to steal consumer data from devices connected to unsecure networks on the streets below.”
- “Cybercriminals will use so-called ‘deepfake’ video and audio technology to disrupt the operations of large commercial enterprises and potentially create geo-political confusion among nation states, in addition to disruption in financial markets.”
- “As a form of protest, we will see many burgeoning industries, such as cannabis retailers, cryptocurrency entities, and even some environmental organizations, targeted for cyberattacks as a result of online activism or ‘hacktivism.’”
- “With mobile payment options popping up everywhere from a local café to the beer vendor at a stadium, Experian predicts that there will be a significant spike in identity theft as cybercriminals seek to exploit the convenience of point-of-sale transactions, especially at large venues like concert festivals and sporting events.”
So how can your orthodontic practice stop a data breach event from ever happening? The simple answer is you can’t and you won’t. Just ask Equifax, Capital One, or Delta Dental of Arizona.
All three companies represent the credit bureau, banking, and health insurance business sectors.
These three business sectors have more financial and information technology (IT) resources than any other industry groups, and they could not prevent a data breach event from happening.
Why? Because information security and governance is more than an IT event.
Equifax was initially hacked via a consumer-complaint web portal, with the attackers using a widely known vulnerability that should have been patched; the company had also failed to renew an encryption certificate on one of its internal security tools.
Capital One’s data breach involved the insider threat: a former Amazon cloud employee lacking character and integrity is now being charged with computer fraud.
Delta Dental of Arizona became aware of suspicious activity and learned that a Delta Dental employee fell victim to an “email phishing scheme” that allowed an unauthorized individual to gain access to said employee’s email account.
Each of the three data breach events would have been preventable were it not for current and former employee negligence and malice.
The fact is that hackers and the insider threat (current and former employees, vendors, and contractors) will target orthodontic and dental practices along with other healthcare providers because patient records include sensitive data that can be used to commit crimes like identity theft, credit card, and health insurance fraud.
While it is critical for every orthodontic practice to implement and update information security and governance policies and processes, including penetration testing and vulnerability scanning, I believe employee training is the number one defense against the risk of identity theft and data breach events.
Based on the above, I recommend that every orthodontic practice share this Consumer Affairs link (https://www.consumeraffairs.com/finance/identity-theft-statistics.html#) on 2019 identity theft trends and statistics.
Read the easy-to-read glossary above, and understand identity theft terms to help employees keep up on the current threat environment.
To conclude, the more your employees understand identity theft and cybersecurity terms, the more equipped they will be to help safeguard employee and customer information.