Dental Law - What You Need To Know
A summary of what every dental practice owner should know and implement in the day to day operations of their practice.
dentalattorney

Cyber Security in the Dental Industry

7/25/2019 7:38:00 AM
                                        
Top 5 Current Cybersecurity Threats Include:

  1. Email phishing attacks - an attempt to trick the email recipient into giving out information over email
    • appears to come from a trusted source
    • usually contains an active link or file that may download malware or access sensitive information
  2. Ransomware attacks - a type of malware that uses encryption to deny access to a user's system and data until a ransom is paid
  3. Loss or theft of equipment or data
    • Vulnerabilities include:
      • lack of asset inventory and control
      • failure to encrypt data
      • lack of physical security (an open office & poor physical management)
      • lack of simple safeguards (computer cable locks)
      • lack of effective vendor security management (data and equipment protection and security measures)
      • lack of a process to clear sensitive data before IT assets (discarded medical devices that may be transferred or used by other organizations)
  4. Insider accidental or intentional data loss
    • Vulnerabilities include:
      • sensitive data files accidentally emailed to incorrect or unauthorized addresses
      • lack of adequate monitoring, tracking, or auditing of access to patient information on electronic health record systems
      • lack of logging and auditing of access to technology assets (email and file storage)
      • lack of controls to monitor emailing and uploading of sensitive data outside the network
      • lack of access controls and employee training regarding social engineering and phishing attacks
  5. Attacks against medical devices relating to patient safety - a hacker may attempt to gain access to the network to take control of medical devices and place the patient at risk

10 Cybersecurity Practices to Minimize Threats Include:

  1. Email protection systems - "free" or "consumer" email systems should be avoided
  2. Endpoint protection systems - desktops, laptops, mobile devices, and any other devices connected to the network should be protected and secured
  3. Identity and access management - identify users and audit access to data, applications, systems, and endpoints
  4. Data protection and loss prevention - categorize data as highly sensitive, sensitive, internal use, and public use and
  5. Asset management - integrate daily IT operations into processes to protect IT assets (procurement, deployment, maintenance, and decommissioning of devices)
  6. Network management - have strong firewalls in place for proper access inside and outside the organization
  7. Vulnerability management - implement processes to classify, evaluate, prioritize, and remedy vulnerabilities in the system
  8. Incident response - implement systems to quickly detect cyberattacks and develop processes to quickly respond and resolve the issue allowing the breach
  9. Medical device security - any device directly connected to a patient for diagnosis or treatment should always be tested for safety and quality control
  10. Cybersecurity policies - cybersecurity roles and responsibilities should be defined
    1. employees should be adequately trained to handle common cyberattacks
    2. acceptable use of data, equipment, software, and programs should be defined
    3. position on personal devices should be outlined
    4. office policy for mobile devices should be provided
    5. a process for reporting suspicious activity should be in place


OBERMAN LAW FIRM 

Stuart J. Oberman, Esq handles a wide range of legal issues for the dental profession including cyber security breaches, employment law, practice sales, OSHA and HIPAA compliance, real estate transactions, lease agreements, noncompete agreements, dental board complaints, and professional corporations.
 
For questions or comments regarding this article please call (770) 554-1400 or visit www.obermanlaw.com
 
 Email Emily Scarborough at emily@obermanlaw.com to hear Stuart J. Oberman, Esq speak at your next event.
