Managing Your Security as Cyberattacks Intensify

Robert McDermott

IN FEBRUARY OF 2024, Change Healthcare, a major healthcare technology provider that processes over 15 billion prescriptions a year, was attacked and its data held for ransom by cybercriminals, forcing Change Healthcare to disconnect over 100 systems. In addition to the significant impact on healthcare providers who were unable to process payments, even more patients were unable to get medically necessary drugs.

Unfortunately, the impact of this attack sent out a tsunami, impacting critical components of digital healthcare delivery, from billing and insurance to payments and ePrescribing.

You may think cybercriminals only attack big organizations, but that’s not true. Attacks can happen to any sized practice. As dental care providers, it’s a reminder that healthcare security and reliability are a chain, only as strong as the security mechanisms of the most vulnerable link.

As with any attack, mitigation efforts, understanding the key vulnerabilities and strategies to lessen them, is the first step:

1. The risk of unauthorized users gaining access to sensitive patient information can be mitigated by implementing multi-factor authentication and role-based access control to limit system access only to authorized personnel.

2. Data breaches can lead to compromised confidentiality and privacy, along with the risk of fines and reputation damage. To mitigate this, encrypt data both at rest and in transit to prevent unauthorized access. Additionally, configure “ransomware resistant” backup to enable a quick recovery in the event of an attack and regularly update security protocols.

3. The risk of phishing emails targeting dental staff can be limited by educating employees about recognizing and avoiding phishing attempts through regular training sessions and implementing email filtering systems or secure HIPAA-compliant email to detect and block suspicious emails.

4. Exploitation of software vulnerabilities may allow malicious actors to gain access or disrupt operations. This can be avoided by keeping software up to date with the latest patches and security updates and conducting regular security audits and penetration testing to identify and address potential vulnerabilities.

5. Malicious actions or unintentional errors by authorized personnel, resulting in data breaches, can be mitigated by requiring the use of auditable user-activity monitoring and logs to detect suspicious behavior.

6. Security vulnerabilities in third-party components or services integrated with ePrescribing software present a risk. When selecting third-party vendors, establish clear contractual agreements outlining healthcare security requirements and responsibilities.

The Change Healthcare cyberattack highlights the interconnected nature of digital healthcare systems. An attack on one component can have far-reaching consequences across an entire healthcare network, disrupting operations and compromising patient safety. Beyond HIPAA compliance, safeguarding patient data and maintaining the trust of patients and stakeholders are paramount.

There are a lot of measures you can take to ensure the safety and security of your dental practice’s IT infrastructure and the sensitive data contained within. While no measure is foolproof, implementing risk-mitigation efforts is required not just by law, but through your commitment to your patients, your team and your practice.

Mr. McDermott is president and CEO of iCoreConnect. NYSDA endorses iCoreExchange encrypted HIPAA email from iCoreConnect. To prevent breaches of sensitive patient information, iCoreExchange ensures all email communication is safe and secure. Book a demo now or call (888) 801-7706 to learn more. Member discounts apply.

BOOK A DEMO