Dentistry Uncensored with Howard Farran
Dentistry Uncensored with Howard Farran
How to perform dentistry faster, easier, higher in quality and lower in cost.
Blog By:
howard
howard

1253 Fred Sagester on the Basics of Dental Office Cybersecurity : Dentistry Uncensored with Howard Farran

1253 Fred Sagester on the Basics of Dental Office Cybersecurity : Dentistry Uncensored with Howard Farran

9/20/2019 6:00:00 AM   |   Comments: 0   |   Views: 77

Fred Sagester was a software developer consulting for Fortune 500 companies when a colleague asked if he would install the computer system in his new dental office. 18 years later, Fred now leads a dental technology company regarded as one of the Midwest’s most talented and respected.

VIDEO - DUwHF #1253 - Fred Sagester

 

AUDIO - DUwHF #1253 - Fred Sagester

 

A native of Batesville, IN, Fred holds a B.S. degree in computer science from Franklin College of Indiana.  After graduation, he worked 15 years for various technology consulting firms, specializing in writing database management systems.

Fred’s significant experience in dental technology and computer integration has led him to be noted as one of the foremost system designers and troubleshooters in the field. He has exceptional knowledge in virtually all of the leading practice management software packages and digital radiography systems.  A number of manufacturers, suppliers and even some competitors consult Fred on some of their most challenging technology issues.

Under Fred’s leadership, Sagester Associates Group, Inc. now supports dental offices in six states and maintains bases of operation in Indiana. Kentucky, and Ohio.

Recently married, Fred and his wife Tami have 6 kids between them. Add in husbands, soon to be wives, boyfriends, and girlfriends and things can get really crazy.  Their kids range from high school to going off to college in every corner of the U.S., soon to be married, and married almost 4 years.  With a big family, Fred can always be sure of one thing…life is never boring.



Howard: it's just a huge honor for me today to be podcast interviewing Fred Sagester who was a software developer consulting for fortune 500 companies when a colleague asked if he would install the computer system in his new dental office 18 years later Fred now leads a dental technology company regarded as one of the Midwest's most talented and respected a native of Batesville Indiana Fred holds a BS degree in computer science from Franklin college after graduation he worked 15 years for various technology consulting firms specializing in writing database management systems Fred's significant experience in dental technology and computer integration has led him to be noted as one of the foremost system designers and Troubleshooters in the field he has exceptional knowledge in virtually all the leading practice management software packages and digital radiography systems several manufacturers suppliers and even some competitors consult Fred on some of their most challenging technology issues under Fred's leadership Sangster associates group now supports dental offices in six states and maintains bases of operations in Indiana Kentucky Ohio recently married Fred and his wife Tammy have six kids between them adding husband soon to be wise boyfriends and girlfriends and things to get crazy their kids range from high school to going off to college in every corner of the u.s. soon to be married and married almost four years with a big family Fred can always be sure life is not gonna be boring and this is so timely because I was thinking about you all weekend because my gosh the biggest threat on dental town over the weekend is hundreds of dental offices were hacked across the country did you hear about that

Fred Sagester:  oh yes yes you actually the information you had sent me I had already read all up gotten the information before you've got it we've done a lot of research looked at everything it was a pretty big hit to hit about four hundred offices and the ransomware they got spread throughout those offices was really crazy 

Howard: so so we're so that it was ransomware it actually happened my son and you know we we have dental town so we have programmers my son brought his laptop over here and my head programmer said just throw it away and go buy another one

Fred Sagester: I don't know gotta go that far but it can once ransomware it gets in it can be pretty crazy too pretty complex to clean it up it's possible but they're trying to the whole goal of the the ransomware the criminals that put it in is to basically turn it into money that's the whole that's the whole premise behind crime in these days is the signed cybercrime is basically just turning it how can I get money out of you know different people prospects things like that

Howard:  so what would so you're in the field you're working this in dentistry all day long what are you seeing in the field what exactly is cybercrime and and do Dentists really have to deal with it 

Fred Sagester: well actually it they're dealing with it more than they they've really want to or expect to it's crazy the about let me see what is it about a 50 to 60 percent of dentists have to deal with crime at some point and crime crime makes up two point one trillion dollars which is it it's it makes it one of the world's top 20 economies so the amount of dentists that are dealing with it and the reason they're they're dealing with it is because they don't take the steps necessary because they're usually in most cases a small one or two owner shop that don't have the IT resources or don't know that they need to be protected and they most of them statistics show that most of them don't have the protections they need they don't follow it nobody's watching or monitoring it so it becomes the low-hanging fruit which is why criminals are going after health care in general and especially dental 

Howard: yeah so I'm what so what is your you know like your dentist says a filling a crown you know a root canal what would are they like the main things that you offer as Sangster calm we we do and 

Fred Sagester: we do a full we do a full support but we offer just a cyber crime or a cyber security package if you go to if you actually go to sagest or comm cyber it's the 8 top things that we offer it's all in one package it's a it's a the big thing on all of these and I'll go through them is we're monitoring them it's not just antivirus for example many dentists go out and purchase an anti-virus they install it and say ok we're good the difference is the end of our subscription might run out or they get a some kind of breach and don't realize it the thing is that nobody's watching it so with this the the cyber protection that we offer it we actually monitor it all the time if you're if you turn to that website it say that the 8 top things we offer a business-class antivirus it's an anti-virus you cannot buy in the store you can't buy it online if you were to go to the company and say I want to buy your antivirus they'll say you know a minimum of 200 seats or we don't really want to talk to you we want bigger we want bigger level enterprise and it's designed to prevent against ransomware and for example I'll give you we we had a we had a longtime client that had three practices and retired so to a corporate okay and they said you know we had a way to cancel your service we're selling I'm retiring which we understood we were we were slow removing our antivirus because we can control it completely from our from our side of things we were slow in removing our antivirus from their systems it just meant they had extra protection so it wasn't a big deal about three weeks after they had canceled and the corporation who has their own IT department took over on a Saturday we get an alert and we called that we called the office and said you know are you having problems you know even though they're not a client we kept him updated turns out the entire corporation across the u.s. from this from this IT corporate dental company every one of their offices had been hit by ransomware except for these three offices that this Dennis still owned which was stayed protected so even corporations are having you know they're having problems trying to keep up and watch their security but our antivirus had beaten it had defended against it when you know even a major corporation across the US had problems that's the first thing the second one is a is a firewall and many offices will say yeah I got a firewall well it's it's the firewall that comes with your internet provider is what they usually have and that's not it's not really a protection it's more of a stoplight meaning if you go onto the internet and you log in you you go to a website it says you asked for the website I'm giving you the data you asked for it this one this firewall is the way it what it does is it has another layer of checks meaning it checks the data coming in it has subscription to it similar to what an antivirus would to wear it it will it will check and make sure the data is good even before it gets to the workstations the antivirus checks it again the the firewall a good way to to know if you have a good firewall if you paid anything less than $1,000 for your firewall it's probably not gonna be there good it's a it's a general rule of thumb our package includes backup it's a it backs up every evening it's completely encrypted completely HIPAA compliant again if the backup has a problem it doesn't work we get alerted immediately so we know we can take the steps to fix the backup so there's no problems about every office I walk into I ask them two questions do you have a backup everyone will say yes and then I'll say well can you prove it about 60 50 60 percent go well they tell me I have a backup this one sends you a report every day so you know you have a backup we it's it's less that the doctors are either not checking it or they don't know anything about it or they just assume that the office manager the IT company or whoever handles it we try and keep the offices informed as possible on things like that we go down to Windows patching Microsoft puts out security updates on an ongoing basis okay it's a and the security updates will basically never stop they'll always find a problem for example Windows XP everybody knows it it was around for 10 plus years ok the a week after XP was retired somebody found a security hole in it that had been around the entire 10 years so the patching is going to continually happen we make sure all of your machines are patched secure email well there's there's many many offices that don't realize they need this or don't have it any patient information you send electronically needs to be sent securely and the thing with this secure email is it doesn't change your email address it allows you to send patient information to specialists to other practices to patients securely from your email address if you're using Outlook for example it's as easy as a button it says send and a button it says send secure so it's it's pretty simple to do it and then we get down to the things that little to no offices are doing things like staff education one of the things that we cannot defend against using our software tools is the human factor okay there's things if that the staff clicks on or brings in plugs in that we can't necessarily defend against well we have it we have an educational platform that they can go in and and look how to recognize a scam email but there's a there's a number of different educational classes tools videos that they can watch and we can add more if the office wants a particular a particular topic we can that can always be added we also do dark web monitoring if you've ever if you've ever heard of the dark web or are you familiar Howard you familiar with the dark web how it works anything along those lines 

Howard: yeah I am but III want to go back to where we started and that is um you know these guys were 400 dental offices in Wisconsin it was they were using their State Dental Society I mean it's the it's the Wisconsin the Wisconsin Dental Association which is the leading voice of approximately 3,000 members the dental record is a Dental Supply Company and subsidiary of the Wisconsin Dental Association so here's guys in Wisconsin my homies and they're members of the Wisconsin Dental Association that's theer only voice that's their parents like him or not they're your parents um they own the dental records it's supply company subsidiary and the so it seems like they did everything right and they're all hacked you know four hundred people are hacked in and they paid a ransom it was a purchase off well I'll just read you because there might be some people listening didn't hear it so it was a nap just what day was it as it happened on my birthday August 29th last Thursday hundreds of dental practices in the United States have had their computers infected with ransomware the incident is another case of a ransomware gain compromising a software provider and using its product to deploy ransomware on customer systems in this case the software providers are the digital dental record and Percy soft to Wisconsin based companies who collaborated on DDS safe a medical records retention of backup solution advertised to dental practices in the United States over the weekend a hacker group a hacker group breached infrastructure behind the software and use it to deploy our our evil sonoda video sounds Russian ransomware on computers had hundreds of dental offices across the u.s. so the digital dental record and Percy soft are are now sharing the Decrypter with their impacted offices first of all do you think the to me to me it makes me wonder if maybe Dental Association's should learn from this and not get into the cloud hosting services for dental offices I mean it's kind of like on my website on dental town for 20 years people have said well why don't you take a credit card so we can do this like dude I don't want to hold your credit card number you hold it give it to your mom to hold it for you I don't want it do you think dental is so do you think this is a wake-up call to Dental Association's that maybe they shouldn't get into the cloud hosting arena 

Fred Sagester: yes definitely it's a if if they're going to look at doing it get to an expert that they can outsource it to partner it to there's a there's a reason for example there's there's a reason that we don't do you know that we don't do certain aspects of the dental industry we stick to what were the experts at and the I know that the the different State Dental Association's want to offer more to their to their members but they're they're not being protected like they think they are and many of them go in and say yeah we're protected in and they don't they really aren't which is which is the problem 

Howard: well I mean hacking is no longer just some crazy guy in the basement on his laptop I mean yeah some people are saying that China has over a hundred thousand employees that work for the Chinese government official agency to hack Russia North Korea I mean these are no longer you know guys in the basement these are sophisticated operations 

Fred Sagester: correct China you mentioned China for example its unit its unit 61398 these guys go to work every day to hack into American businesses that's their job and what's crazy is they publish a five-year plan they don't care that everybody knows this this is what we're going for this is the American businesses we're going to hack into number ones health care number two small businesses of that top five so every dental falls into the top two because they're just the easiest to hack into so there's a lot of things they're defending against that have a ton of resources in the Ukraine there's organized crime and it's crazy the organized crime when they were arrested a few years ago they had kept all of their receipts in over a three-year period they made over five hundred million dollars they had they had LinkedIn accounts they had Facebook Twitter that they advertise jobs on monster I can show you a picture of the building I could show you pictures of their team-building exercises they did and that's what they did every day that they built a what they what officially they were building was an anniversary giving you a virus and then give you the antivirus to to defend our to inoculate it so the  dentists don't realize there are a ton of resources than they have that they're trying to defend against 

Howard: so bringing this down to reality you were getting ready to sign talk about the dark web I mean you're you're you and I were just at the Louisville Dental Association meeting what are you seeing in when you're in the real world out there calling dental offices what are they doing right what are they doing wrong what do you wish they all would do what is really bothering you where you're rolling your eyes 

Fred Sagester: it's just the basics even you know many even the top three or four things I see the overwhelm overwhelming majority of dental offices don't even have those you know things like just a business-class antivirus the firewall remote backup in Windows patching it you're down to you're down to well under fifty forty percent that have all of those and probably it's probably even less okay lightning me and you say fifty percent or less the dentists have the basics which what are the basics your your business class antivirus business you see glass antivirus mmm-hmm you see many dental offices that will they'll go by a residential type by antivirus or their download a free one free anti viruses protect from about 65 percent of viruses you need something that's a 99 plus percent you know so whoever they want anyway you recommend the antivirus we use is called Sentinel one spell se in TI n IL l antivirus Sentinel one s en TI n e l o NE com okay this this is the one that it's a it's an enterprise-level type antivirus and that's that will protect you against what we've not had it beaten yet and I've got 3,500 endpoints out there so we things like the bigger names that you hear of you know McAfee and Symantec they're good they're just not as good as an enterprise level yeah and 

Howard: it's hard to beat free I mean like say I was you know I have a friend he's really really sick and it's it's just beyond his comprehension to think well maybe the doctor that's closest to your house in your small backward town of nowhere Ville isn't the best guy to be treating this IV you know so it's a so okay so the basics are a business-class antivirus and software in your Sentinel one comm

Fred Sagester: a firewall this is not the firewall that comes with your internet provider okay this is a business-class firewall it will have a subscription base to it  can do and it can be complex to to manage it's not the thing of where you just plug it in and let it go it does it does things like country blocking in all of our firewalls I can turn off every country that's not America for example so the whole the whole China Ukraine we can take care of in one fail swoop because it they just cannot it won't let them in and the office can't get to any websites outside of America can't get to any servers outside of America you know every once in a while we'll get in an office it says I buy things online it's a sir it's in a server in Denmark you know well we just turn on Denmark but we can control country by country what they can get to so what's the business class firewall what's the one you recommend there we use one called Sophos s o ph o s Sophos  what you like about is you can turn countries on and off yes yep the the higher level firewalls besides having a subscription to it and it checking the data I can do things like completely blocking out countries so we can put a dome just over America to where we at least limit some protections to that yeah I I have heard about that turning off countries but

Howard:  I don't know if I should share with you how I know about that because it's so darn weird I'm gonna have to tell you anyway it's just so bizarre so I was lecturing and I you know if you're a dental extra you're always in Vegas right it's a it's a hub and so we were lecturing there and the meeting next to us was actually a big meeting for home dancers you know that the I don't even know what that is honors cold but anyway the the most important thing about this lecture and the franchise's that people who wanted to do this for afraid that some of their family would find him and the feature was that you could turn off up to five states now this was ten years ago you know so you could be doing something that you wouldn't want your mom see but you could back then when I when they're election next to me they could turn off five states but now is it still limited to five states or is it now it's countries yeah now this is a this is

Fred Sagester: more of a security something like that would be more I'm assuming like advertising based to where you could limit you could limit where your ads would go I'm assuming I'm trying to completely figure out you know how what exactly they were talking about the the reason we don't take out different states is because the different companies have servers and backup servers in different locations so like if I'm in Indiana and I'm looking to say I'm a dental office and I'm looking for different insurance and I'm going to different websites that may be in the east coast and if the East Coast ones down it reroutes me to the west coast so it it's a it's something that's really hard to do it would it's a matter of finding a good balance between making sure the dental office a is functional and keeping them completely secure so that's why we just do America all right so continue more with the basics after the firewall you have a remote backup you know this was the thing that we got recently hit the backup one it well across all of them it needs to be monitored your backup needs to be watched to make sure it's working okay too but that's one of the big problems is offices don't watch it they go back to doing dentistry which is what they should be doing but a remote backup it will increase you want a backup that is HIPAA compliant that is going to encrypt your data and send it to both coasts for example you get a that way if something on the East Coast has a problem you've still got another you still got another backup in you know spread out we also make a the same encrypted backup on it like an external hard drive that stays in the office okay it's not something you take out of the office you leave it plugged in the reason being if your server has a problem we can restore from that backup very quickly okay much quicker than bandwidth to download the data but if your building burns down we've got the data off-site it takes away the human error you've got practices and say my you know the doctor my office manager takes it off-site those usually are not encrypted or they forget or you know the backup doesn't happen things like that this is an encrypted automated backup that's monitored and then the last one the fourth one Windows patching make sure that there is that your windows are always constantly updated securely patches from Microsoft and every software has a patch meaning what the what the software company is saying is oops we missed something or we screwed up and here's a little fix for it okay and it's everything it's across every practice management it's across the operating system it's it's across every software that exists this one just happens to be your operating system which is what controls your security and everything that you run on we make sure those patches are installed you need to make sure Windows is updated and every once in a great while it happens about not quite once a year Microsoft puts out some kind of patch that just screws with the dental world you just want to make sure that those are not installed you know cuz it'll it'll come in and then your practice management won't work and you'll have no idea why it'll have weird errors so you have to kind of find the balance again 

Howard:  yeah I mean it doesn't make her stop I mean isn't it embarrassing I mean I mean we might hold dental career from when I got out of school you know you start buying this Microsoft software I mean every release they had was just filled with bugs I mean that guy never cared about quality for a minute I mean the other day I heard him lecturing on TV about how the world needs to make a better toilet and I swear to God I wanted to reach in the TV and pull them out of there and say well gosh the guy who made the most horrible software for 30 years I think he's still really software with bugs in it I mean so I said do you think dentistry would have been luckier we all would have gotten Mac I mean or are there lot less ransomware attacks if I if a Dennis was running everything on Mac an apple 

Fred Sagester: well macs have problems too every software has a patch that the  thing you have to take into account is all of the millions and millions of computers that are all different in their configuration and all the software that people put into it that's not made by Microsoft so maybe there's a there's a conflict somehow it has a memory problem that it's actually the problem of the software not the not Microsoft's operating system but the operating system gets blamed so it's a it's it's a matter of for example having one dental technique for every single mouth in the across the u.s. it's just you can't do it you know it you have to make adjustments here and there you're going to be putting out updates all the time the to talk about the kind of the Mac question the the majority of the dental software is dictated there's going to dictate the the operating system so you're looking at if you want to go to Mac you've really only got a few choices for practice management imaging you know it really limits that's just the way the industry is but

Howard:  but you know just one of those lifetime in your lifetime what percent of the software that Microsoft releases on do you think they know has bugs in it well that's a that's kind of a loaded question because every software ever released has bugs in it I'm reading right now on Microsoft related bug reports up a hundred and twenty one percent I mean I mean I don't know maybe this I have dental town but uh it just seemed to be so unethical that you would pay all this money for some Microsoft software and then you'd have to pay some tech guy to come out and fix all the patches and bugs and he'd be sitting there the whole time complaining about it just seems like um I don't know it just it just seems like they've never ever cared about quality and I don't care how much money Bill Gates gives away and what he does for malaria and all that kind of stuff that's all great but as far as a businessman III just thought he was a an unethical guy I mean he purposely sold software filled with bugs because it was just about money money money money money and now he's mister I'm gonna give everybody a clean toilet but we were talking about the basics and you said business anti business class antivirus and you recommend it sent along business class firewall you recommended Sophos what what are more of the basics that you're that need to be done the

Fred Sagester: the remote backup and that the Windows patching that we talked about the then you get into that those are the the four big ones remote backup windows patching and what do you recommend for the remote backup there's a few different offices are a few different options you want a you want a business-class remote backup you you don't want it I'm sorry say this but you don't want mozi you don't want Carbonite they're they're a very good backup but it's it's more residential based you need something that you know is going to be secure that you can also get back quickly and what do you want for you what companies doing that for you we're using we it's it's kind of branded in our own but we use a we use a backup system that's called cloudberry it's you're not necessarily gonna see it called cog Barre because the the msps that use it brand it their own way you know we put our logo on it and it's it becomes ours but it's and then we use a it encrypts the data coming out of the dental office and then stores it into a server and there's there's different options for server storage space it's out there and cloudberry would use some different ones but the key thing is the data is encrypted before it leaves your office so even whatever wherever it's being stored if that storage unit gets hacked for whatever reason that the data is just garbage because it's encrypted so you're protected the dental office is protected okay and then and then the last one 

Howard: you said Microsoft patches and you're saying it just happens and I'm just saying I don't know I have a very hard time with that company and in fact in fact they bought it that they bought they bought skive were escaping right now they bought that and now they bought LinkedIn and I just thought okay so now now LinkedIn and Skype has no chance of ever being a Mercedes Benz or Alexis it will be less somewhere between a Chrysler well and a Model T because it's about by the American company Microsoft where it's just about money money money  and we're the ones that want to pay this but anyway so what do you how do you recommend Windows patching for the horrific Bill Gates Windows 

Fred Sagester: that that's that's gonna be from your from your MSP from your IT support company that they're gonna use some type of monitoring tool and  there's a number of them out there you can't that the dental office can't go out and buy it it's a it's a higher level tech tool that watches the  computers and make sure they're updated so

Howard: do you use a do you something I mean what would you use what tech not what technology is yes we have we have a

Fred Sagester: we have a company called synchro there's there's auto task there's a couple the big ones there's auto tasks there's connect wise but you know there's a synchro synchro it's the and the dental office would would never see this it's a it's synchro MSP comm sy in CRO MSP comm it's a it's a platform that handles the remote monitoring it does things like ticketing it helps us keep track of the problems in office might have where the fixes are notes things like that so then is that is that then your base is that the four basics in business class antivirus business class firewall this is a class remote backup and wind Windows patching with is that the majority of the four basics there's another four which I see less and less things like secure email you know that's a HIPAA regulation you know and we get more and more dental offices or realizing for HIPAA they have to have secure email so I'm seeing it more more often but they're still you know it's less than 30 percent of offices that

Fred Sagester: I'm seeing that have secured email yeah I mean it's just from my personal way and I've seen a lot at dental offices it's there's just not that many that are following the regulation and getting the security mail and 

Howard: what would software do you recommend for secure email

Fred Sagester: we use a company called neo certified it's a I think there are there are some secure emails you can get like well we there are some dental practices that are I'm sorry there's some dental organizations that are getting into the secure email business you know similar to like the backup and trying to offer that but that's just a tool that we use there's there's a number of different security males that are out there 

Howard: so you like neo certified and and so so you're saying that that's considered a basic yet only 30% of dentists are doing it 

Fred Sagester: yes I'm gonna I'm gonna get into even that the next three I'm gonna get into what we would call a basic that I could get down to less than 1% of dental offices are doing it all right three you say three more three more and what are

Howard: these is called the basics of the basic the basics of the basics of cybersecurity a dental office cybersecurity or just type of security this can be this can work across the across the gamut for all different types of corporations all different types of businesses but especially in dental offices okay okay so I'm so continuous antivirus firewall remote backup patching certified secure email what else

Fred Sagester: staff education many especially your your front office gets emails all the time and don't realize that it might be a scam email for example they've gotten we've had calls from offices it said you know my I've got a virus can you come out and help it was a resume that they had posted a job looking for a hygienists and somebody a hacker sent them a resume for a hygienists as soon as they open it it installed you know it breached their system so that there's a few different things and this is just one part of the staff education that in every email there's a there's some little markers that you can tell that it's a scam you know so it's the if we teach the the company we teach the staff to look for before they open before they click on anything in any email look for one or two things you know and then they get used to it then it eliminates a big percentage of problems just by noticing these couple things and and what's crazy is the scam emails if I were to take two emails and put them side by side for you and say which one's the scam it in many cases the scam emails look better than the actual email coming from the company

Howard:  ha now when you're talking about staff there's over 30 types of staph bacteria what which one of the bacteria are you talking about no do you like your your dental staff your front office that was a joke I was trying to be funny I don't know if they were Staphylococcus aureus or staff but anyway so so they're opening up email is it just is it just say no to opening up anytime someone send you a PDF or I'm getting my email of the day is someone left a sudden love me a voicemail so they emailed it to me and I'm just uh open up and listen to her voice no of course I haven't done any of them and the

Fred Sagester: the first thing is if you don't know the email you know you don't recognize the sin don't open it you know in some cases that that's a that's kind of a first rule of thumb if you if you get something that's a I just don't know who it is you know if or somebody that you know but it looks a little off pick up phone and call them did you send me an email you know I'm looking at this and not sure about it you'll find it many times they'll go nah sorry I was hacked and this information is being sent out and then you get cases like you know you get a dental office we'll get an insurance related email well they need that they need that to be able to work so we teach them how to look at two or three quick things you know they're  never going to ask you that it's never going to be a docx file that's attached a dot you know like a document file attached to the email don't open those  always have some kind of problems that's the easiest way to get in if you're not sure if you get a if you get a an email from a company that says you know click here to open instead of clicking on the link type in the website go to the website directly and type it in you know so you may get a oh here's an alert you have a problem click this link to log in well for your from your bank for example instead of like Citibank instead of clicking the link go to Citibank calm and use your login that way if there's a problem it'll be there so 

Howard: so first staff education you have a web-based training program it's 

Fred Sagester: it's a web-based training portal that we have and we can do we do other training besides just cybersecurity we can do you know office type training we can do we can have the office say I need training for my practice management and we can low that you know we can do custom based training we can do anything that this portal can basically handle anything nice Howard:  so so um do most of your clients I utilize the staff education or how's that been working 

Fred Sagester: yeah we've got we've got some that are using it we can we can keep track meaning the the doctor can say okay we I've hired a new employee I need you to go in and watch these ten things we can keep track to say they've completed them or you know they haven't the doctor can know I went home and did them no you didn't you watch too you know so we get this it can be tracked okay so

Howard:  so how many more basics do you have uh a couple more 

Fred Sagester: um dark web monitoring I don't know if you're familiar with the term the dark web I'll do the generalized term for it what what most people are used to seeing is what's called a surface web and anytime you do a google search any type of website that pops up is all surface web okay and that's really only three to four percent of the total in Internet you get the Deep Web which is things like businesses that don't necessarily want you they're not a website but their employees might use it but it's not something they give to the public and then you get the dark web which is really where the crime happens for example and and there's there's specific tools you can use to go find the dark web it's it's like going down a back alley and knock it on a door three times and the window opens and you say the password I mean it's that type of if you put it into a kind of a real-world type of scenario that's the kind of you got to know where to go you got to know how to knock you got to know what the password is but two people can come together for example and buy and sell all different different things credit card information breached information and neither one knows who the other one is so they can both be completely anonymous both make the sale exchange money and neither one knows who the other one is and there many times they're selling financial information they're selling personal information they're selling usernames and passwords we do dark web monitoring for usernames and passwords and what we're doing is and  this is for everyone at for example the I spoke when we when we met a couple weeks ago we at the Kentucky Dental I did a session and I had an envelope I had a red envelope and I asked if there I pulled out a doctor's name and I said it you know doctors doctor so-and-so are you here and they raised their hand and I asked would you would you be my guinea pig they reluctantly shook their head and I and and I opened the envelope and I told them every address they'd ever lived in I told them all their phone numbers I gave them their email addresses I gave them the businesses they had I just had it okay I listed off relatives I could tell them their mother's maiden name you know I could tell him all this and then I said yeah and this this I did kind of in front of the entire there was almost 90 in the session almost 90 people in the session and I said I had a piece of paper I said and are these your passwords and I handed him a piece of paper that had you've got passwords that you don't tell anybody and some random person that you're in a session just walked up and handed you all of your passwords  the doctor I had them all I mean I just handed it to them to where I can do that with Oh 60% of the people their passwords are out there we monitor that dark web so when a passwords is compromised then we alert the office you need to go in and change some passwords this is what's happened similar to a bank doing fraud protection on your credit card and I could do I did a monana steed uhz n't matter I mean I could pull up any company and have thousands of compromises that are out there they're just they just are and the way to explain it the way it happens people are like well how's my information out there that doesn't make any sense the the way it happens for example is let's say you you go to buy a video game for your your kid your grandkid you go to target online go to target online and it says create an account you okay you create an account your usernames your email address your password is probably the password you use across the board for everything 80% that people do that do it that way so you order the videogame your kids happy they're having a grand old time target gets hacked okay well target you say target doesn't get hacked target get hacked a few years ago okay big companies get hacked the the bank's immediately turn off all the credit cards they flip one switch and account numbers change credit card information changes they send you new credit cards all that gets defended against the thing they don't do is your user name and password are now out there and it's it's being bought and sold by criminals on the dark web so if I get ahold of now this this doctor that I was speaking to I've got a hold of their email address I've got a hold of their password I know their mother's maiden name and you'd be surprised sometimes I can even tell them their dog's name to now I've got a basis of if I'm looking to breach their information I've got a basis the more I know about them the easier it becomes 

Howard: you know what I always use my password what's that if they say if they say it's like six letters Ahlers ten letters it doesn't matter if they say ten letters I use the last ten letters of Pi there you go and you're still working on it have you so um so what what are more the basics have so you do the dark web monitoring which you said is the majority of the internet well by the way I got asked something totally unrelated because it is related there's a bunch of dentists on dental town that you said you didn't want to be a conspiracy guy or whatever but some of them are they're always asking about Bitcoin now there's dead a company dental Bitcoin do you see Bitcoin kind of like the dark web the deep web kind of mostly a Crim criminal enterprise or do you think it's a legit a real thing and someday the biggest banks on Wall Street will all be doing it it is 

Fred Sagester: it is a legit now there are investors that buy Bitcoin just like they would buy and sell a foreign currency there it's it's a currency that is has value it it can and there are more banks there are businesses getting into accepting Bitcoin it can be the big thing about Bitcoin is it can be done anonymously or you know in in a way that can be used for crime but it can also be used for purchasing you know different products it's it's becoming there was I cannot remember his name there was a guy a I read a story a few months ago that he was the first Bitcoin millionaire he had bought Bitcoin early on it went up in value he sold it became a millionaire Wow so it's a it's a but Bitcoin is Bitcoin is just the just a tool it's not the crime

Howard:  okay actually I I think the best password is on incorrect that way if you type it in wrong your computer will remind you what your your password is incorrect but um so I'm so back to the basics mm-hmm and then I the the last one on the dark web monitoring you said you do that is the software that you use whether you recommend

Fred Sagester: we have you cannot you can office cannot get to it this is a we do a we do a lot of dark web monitoring it's a we monitor forums we monitor we we have people that act as criminals sometimes going out buying and selling different credentials there are it's to say a to tell an office here's where you go to do it it just you can't you know it's like telling it's like it's like telling a patient here's where you go to buy your amalgam you know you  can't do it you the patient can't do what the dentist has to do it does that make sense yeah but there's a there's over 5,000 different forums we monitor you know we've got people that act as go in and act as criminals buying the and selling the information you know to where we can put all the data into our database to be able to to monitor everything yeah 

Howard:so then what was the next basis I'm not fishing the last one is as is

Fred Sagester: a it's a simulated phishing attack phishing is one of the things that we cannot defend against with tools because it's it brings in the human element a phishing attack is a scam email for example trying to get you to click on something that will give access to the criminal into your system and what we do is we do a simulated phishing meaning we're going to send out a sake scam email to an office and what we'll do is that the markers are in there that the steps that we teach to say look at these things to determine if it's a scam they're in there okay because all scam emails have it and what we do is we'll do a simulated phishing attack and then if they click on it we just keep the statistics nothing bad happens to the office itself and what we're doing is okay we did it we did a phishing attack you know last week and eighty percent of your office clicked on it we need some more training you know we'll go through we'll do the staff education teach them more things and then we'll try it again another month okay now we're down to 30% they're getting better you know so it that type thing to where we can try and get the office to be a victim of a scam without actually having something bad happen and then teach them what happened okay here's the email here's what you needed to look for so we do that type of thing and I just I don't see that in offices at all they just don't there no even even the bigger corporations rarely do you see a they do some kind of simulated attack it just doesn't happen you know 

Howard: I only click those when I have to like when they inform me that like a hot single divorced woman just moved in next door and you have to clean that one in that case it's okay but you know on the other stuff yeah and the worst one we had in our office I'm not gonna say his name because he felt so bad it was it was that it was one of the docs she known I mean and this guy he's probably the smartest guy that's ever worked at our dental office and he said it was so bizarre he said he knew right as he was clicking he was thinking about I'm not gonna click that that scam as is you know everybody was going through the emails cleaning out his delete box and he he clicked it when he knew you know just as he knew and it was just a disaster 

Fred Sagester: and everybody does um we do we do simulated phishing attacks on ourselves on my staff we do simulated phishing attacks and I've done it before you get busy you don't think about it what we're trying to do is make it so ingrained in your head that these are the things you look for that we can reduce the percentages of having a problem so again so how long have you been in dental now I started in 2001 so 18 years so in and

Howard:  so where's the line going is is the line is it getting worse in time or better in time do you think eventually this problem will go away or will it get worse on cybersecurity 

Fred Sagester: it's only going to get maguet worse meaning more complex there are it there are new things coming out for example I don't know if you've read the story there are now hackable lightning cables for your iPhone and if you've read this story or not it came out in the last couple weeks I can take a lightning cable you know the white cable that you use to plug in your iPhone and put a put some code into it to where when you plug it in I now have access to your computer so you know even then basically don't borrow anyone's lightning cable use only yours buy them only from a store you know it's getting to that to where people did you know it's like why would I need a lightning cable how are you gonna love this so more and more complex things are coming out and making it worse getting harder you know 

Howard: we passed an hour but I want to ask you the same question when we started I mean again my homies in Wisconsin they were doing everything right they you know the Wisconsin Dental Association it was their company their services they all went to sleep at night thinking god the Wisconsin Dental Associates taking me how does my homies know if the IT company I mean why should I trust you if these guys did he work trust in the Wisconsin Dental Association mm-hmm 

Fred Sagester: there's a there's a few things I tell ya know there's a few things I tell offices to do one ask them how many how many dental offices do you support okay if they say if they say I do dental well does that mean two or three other that does that mean two or three hundred you know it say you the dental industry is very specific in how it needs protected so you want an expert that'll do it and then you get in security ask them if you're looking at hiring an IT company ask them how many how many times do I get attacked a day okay if they go you don't you're good or they go you know one or two but we've got them defended they're they're not digging into it deep enough we get our offices on average get 1,500 attack attempts per day every single office gets attacked or attempted 1500 1500 times every day I could pull up log files of attempted attacks and printed out the size of a book and I know I know everybody's national because 

Howard: everybody's tribal everybody thinks their tribes the best but I've heard up to one third of all the hackers are actually Americans living in the United States of America I mean we all like to blame it on another Charlie oh it's those Russians or Chinese or North Koreans but I I'm reading 30% of them are Americans oh yeah it's that it's it's not it's I'm not trying to say it only happens outside of America because it happens across the world in an in America 86 percent of hack attempts happen inside of America 86% of the worldwide attempts are inside of America and that's across the board doesn't matter one being the guy is trying to hack or the ones getting the attack ease eighty eighty six percent of them are in America the attack he's the one trying to hack into you know the attempts okay

Howard:  okay the hackers of one doing it but the target the target is Americans eighty six percent of time eighty six eighty six percent is in America yeah Sony's the answer what's question they're probably looking for money yeah exactly that's exactly what they're doing because if I and

Fred Sagester: it's not the way it used to be if a hacker could get in the first thing they want to do is screw with your system make you have problems it doesn't work that way anymore now they want to get in and not let you know because the longer I can stay in the more data I can feed myself and turn that into money these these hack attempts these breaches for example you know if you've you've read Yahoo got attacked you know all these all these big breaches Under Armor just got breached not too long ago that the MyFitnessPal these don't happen in a matter of minutes okay it's not jump in steal the data and jump out this happens over months they're there in there not being detected and feeding themselves data months and months over over time

Howard:  I was reading a article by Condoleezza Rice and basically she was trying to sound a fire alarm that Russia and China are what to win the war on cyber cyber war and she does not think America or the fortune 500 company is taking it serious enough do you agree with Condoleezza Rice that America from military to business to offices are taking this serious enough

Fred Sagester: I can't speak to the other industries I can I can agree completely that dental offices aren't taking it seriously enough the and the thing they don't realize is the in any dental office the number one most important thing is data it's not the doctor it's not a big expensive piece of equipment if a doctor goes down you know you can have a sub in a week you know you're gonna lose a week if you lose your data you're in a world of hurt yeah that's gonna cost you a whole out of money and so why wouldn't people take the most steps possible to protect the most important thing I mean

Howard:  why do they want to buy a business-class antivirus so they can get a copy one for free because you get what you pay for which is my final final final question how much should a dentist expect to pay for some service like this so someone if someone calls you and by the way how did they contact you you're a second Sangster com and say I used to cop and Sagi sir just think of sage si GE ster ste R so si GE ste are calm so if someone went to sign Sangster calm and got the what you recommended what would this custom month 

Fred Sagester: if in fact if you go to sagusti calm slash cyber CY BER it's got these eight steps this these are these eight protections we charge 297 a month all included and we monitor it so it's not just we install it and say there you go we'll see you later we're always watching problems it's we get a level of constant protection on the office there's a there's a sign-up sheet information right on the website

Howard:  all right well it was a it was an honor to have you come on and depress everybody about how bad did you have anything cheery to say well it's

Fred Sagester: it's a it's a good thing yes it's getting more complex you know and yes if you look at it in one way it can be depressing but help is out there it's a it's technology is helping us technology is advancing how well we can do dentistry how quickly we can do dentistry it's just with everything that's good there's gonna be a bad side to it so it's not the technology's not a bad thing or it's not that technology is a bad thing you just have to take the precautions with it but it really is I mean look at the the innovations that that the dental industry and every industry has had over the years so it's a it's a good thing on the bright side you just gotta take the protections into place and

Howard:  lastly but lastly but lastly on that thread talking about two dentists are there to say are saying see I told you so they stuck with their paper charts and they still have it computerized did you do you think in a weird kind of way that the people who stayed back and didn't go the computer out and all that and kept the paper chart and the smell of snail mail US Postal Service you think at the end they're gonna be the smart ones 

Fred Sagester: no I would be the  new technology allows doctors to find things that you know find problems that the old technology wouldn't you know that the new technology the advancements in technology it improves dental it improves the care that a patient receives so sorry guys I just don't agree with you they that I understand staying with paper I don't have to worry about cybersecurity but are you giving your patients the best care possible that way 

Howard: and and you say you're mostly in Kentucky Indiana Ohio I mean what is I was listening you and they live in Kansas I mean do you like to stay in your in your area or how does that wash

Fred Sagester: I've consulted with offices we and in the in the cybersecurity side of things we can do it anywhere okay like the our cybersecurity package I can do anywhere the and I have a number of different partners we can do we can handle an office support across the nation in some cases I have partners that can be our hands if we need to go on-site but because and this is beyond the even just the cybersecurity if we do that the total support we keep an eye on the system all the time we do 8090 percent of a remotely and then the other 10% I have partners that can be our hands so it's it's possible we can we can bring it on an office pretty much anywhere and still and they'll get a level of protection and a level security and efficiency that you just don't see from the companies that don't know dental alright well thank you so much for coming on the show today

Howard: Fred it was great seeing you at Lugo I love that convention I love that River God that place is just beautiful I'm just like everything about it and it was fun watching you freak out that I girl where you knew everything about her but come on guys you got to do this because I'm my god what a horrible Monday morning for 400 dentists to walk into work and have ransomware on lockdown and I thought they were doing everything right and you said 30 percent don't even use um encrypted email so you gotta raise your bar guys raise your bar and that cyber security the basics into office of cyber security yep they and it makes you you know the offices that are that came in and had that ransomware do you think 297 a month if they to thought back you know it's only 297 a month and I have been secure was it worth it then so it's a you don't want to come in and have it happen after the fact and go oh I should have done it you know get that security you we just don't see it in the dental industry and you need it yes all right buddy thanks again thanks for coming on the show.

More Like This

Total Blog Activity

769
Total Bloggers
7,935
Total Blog Posts
2,964
Total Podcasts
1,299
Total Videos

Sponsors

Townie Perks

Townie® Poll

Do you allow parents into the operatory?
  

Site Help

Sally Gross, Member Services
Phone: +1-480-445-9710
Email: sally@farranmedia.com

Follow Dentaltown

Mobile App

WITH DENTALTOWN . . . NO DENTIST WILL EVER HAVE TO PRACTICE SOLO AGAIN®

WWW.DENTALTOWN.COM - WHERE THE DENTAL COMMUNITY LIVES®

9633 S. 48th Street Suite 200 • Phoenix, AZ 85044 · Phone: +1-480-598-0001 · Fax: +1-480-598-3450
©1999-2019 Dentaltown, L.L.C., a division of Farran Media, L.L.C. · All Rights Reserved