In the growing world of cyberattacks and ransomware, dental practices are a hacker’s dream. And it’s not just DSOs or big corporate practices, either. Sure, the pockets of those practice owners might be deeper than those of solo practices and small group practices. But the nature of how smaller practices are run has made them an easier target for hackers. In fact, hackers have been able to infiltrate smaller practices by the hundreds, many times by targeting dental vendors.
In fact, infiltrating dental practices with ransomware is a hacker’s dream; it’s much more profitable to hackers to get into a dental practice’s computers and network than almost any other type of business—even larger, non-dental businesses.
Here are three types of information hackers seek when looking for businesses to target. As you’ll see, dental practices store all three types of information, including two of the most profitable types of information to sell on the dark web.
1. Payment Information
One way hackers make money through ransomware is to force practice owners to pay a high ransom—sometimes more than $100,000 worth of untraceable Bitcoin payments—to regain access to information.
But if owners don’t pay the ransom (and, many times, even if they do), hackers will download all the banking and credit card information stored on your system and sell it on the dark web. Hackers can make up to several dollars per credit card number on the dark web by people who want to use the card numbers to purchase gift cards and physical items before the breach is found.
2. Personal Information
Names, addresses, and other personally identifiable information can earn a hacker a pretty penny on the dark web—especially when paired with credit card numbers.
Hackers can sell personal information to people who want to steal your identity to open up new accounts. They can also pair the personal information with the corresponding credit card information to double the price they make from selling raw credit card numbers. Adding billing addresses and names to credit card numbers gives bad actors much more flexibility to use credit cards before the breach is caught.
3. Protected Health Information
Protected health information is extremely valuable to hackers who can use it or sell it to people to use for multiple purposes. But the flexibility of the information is not only what makes it valuable. Unlike credit card information, which has a much shorter shelf life as people learn of the breach and cancels their cards, protected health and personal information can’t be as easily changed. Thus, protected health information maintains its value on the dark web much better and longer than payment information.
From a data-use perspective, hackers (or people who buy from hackers) often use protected health information and personal information to create fake IDs to purchase medical equipment. Others use it to file fake medical claims for reimbursements. And others use it to acquire hard-to-get prescription drugs.
Because of the longer shelf life and the multiple, high-value uses for protected health information, hackers can get hundreds of dollars per health record on the dark web. And that makes protected health information one of—if not the—most valuable type of information hackers target.
Is your practice protected from ransomware and other cyberattacks?
A single cyberattack can easily cost a dental practice hundreds of thousands or even more than a million dollars between downtime, direct costs, and damage to your reputation. It’s much easier and more affordable to invest in protection against this growing threat to dental practices.
In fact, if you don’t invest in protecting and insuring against ransomware, you may be exposed to risk and liability far more significant than any malpractice or on-premise liability claim. Schedule a free discovery call with us to find out how easy it is to protect yourself from this growing threat to you, your practice, and your patients.