Donna Hall asks Tracy Pound about the risk of cybercrime and what dentists can do to protect their data…
The threat of cybercrime is very real – a third of businesses reported cyber-attacks in the past 12 months*. Of those, almost a half reported at least one breach or attack a month.
It can be tempting to think that only big companies or organisations are at risk of such crimes, for example the global WannaCry attack, which affected the NHS, Renault and FedEx in 2017. However, while these may be the attacks widely reported in the media, cybercrime is not always on such a large scale or aimed at these kinds of businesses.
As dental practices hold a lot of personal information, they can be a very attractive target for cybercriminals. To find out more and ask for advice on how to mitigate the risk, I spoke to technology expert Tracy Pound…
Donna Hall (DH): Are smaller businesses, such as dental practices, less likely to face cybercrime?
Tracy Pound (TP): No, cybercriminals will look for the route of least resistance. Just like if you have an alarm at home, criminals will be deterred from trying to break in; the same goes for cybercrime. If you have no defence then they will attack, and because you are small, they know that you are less likely to have invested in cyber security measures, so you’re a good target to them.
Small businesses often don’t think of themselves as a target because they think they have nothing worth stealing. But they do – intellectual property, names and addresses, they might hold bank details for customers or patients, and they might have historical information that cybercriminals can use to impersonate them online.
DH: What can practices do to protect their patients’ data?
TP: Brainstorm with your team to identify what data you have, where it is stored, who has access to it and the risk of it being breached.
Put a cyber security strategy in place that answers the following kinds of questions:
- What data do we hold?
- How could our data be breached and what would the consequences be?
- What information is available on our website?
- How are our electronic patient records secured – who has access and why?
- Are those records backed up, and who has access to the back-ups?
- How are our paper patient records stored? Could someone break in and steal them to create online personas and commit cybercrime that way?
DH: How critical is bringing in the whole team?
TP: You have to involve everyone. Cyber security is not a technical issue per se; it’s a human issue, so it needs human beings to solve it – and that means all of your team.
Educating your staff is key when it comes to protecting your practice. Your weakest link will let the cybercriminals in and that may well be human error. Some of the very big hacks on large companies have actually been done via smaller sub-contractors.
DH: What can you do to stop a data breach?
TP: The relationship you have with your IT company becomes ever more critical and they should be recommending some basic control measures. For example, installing anti-virus and anti-malware software on every machine and developing a Bring Your Own Device strategy.
If someone is using a mobile phone which has access to the practice’s emails, they need to be careful about what they are doing with that device at home, but particularly in public places.
One of the big danger points is WiFi in public places, such as cafés, because anyone can pretend to be any WiFi network. I could set up a WiFi hotspot on my phone and call it Costa Coffee and then other people in there can use that network and I can then see all their traffic.
DH: Very interesting. Thanks for such an informative discussion, and plenty of things to think about on how to stay safe.
*According to the Government’s Cyber Security Breaches Survey 2019