The American Dental Association (ADA) has issued an urgent warning to all dental practices following the Federal Bureau of Investigation (FBI) communication regarding a credible cybersecurity threat. Specifically, oral and maxillofacial surgeons are at risk, but the FBI is concerned that other specialists and general dentists could also be targeted (1).
The Threat Landscape
Social Engineering Scams: Cybercriminals employ tactics like phishing (via email), SMSishing (through text or instant messaging apps), and vishing (using phone calls and voicemail) to gain access to sensitive personal data, including electronic protected health information.
Spear Phishing: This involves emails that appear to come from trusted contacts. Threat actors may impersonate credentialing agencies to deceive recipients.
Malware Deployment: Cybercriminals deploy malware by convincing individuals to click on links, open attachments, or visit malicious websites. Ransomware, which blocks system access until a ransom is paid, can result from such attacks.
A Common Scenario
The FBI shared an example: Threat actors pose as new patients or express interest in becoming patients. They request new patient forms online, then report issues with submission and ask to email scanned forms instead. When recipients open the emailed “forms,” malware is deployed (1).
Protective Measures
To safeguard dental practices against cyber threats, consider the following precautions:
Recognize and Avoid Phishing: Educate your team to identify phishing attempts and avoid falling victim. Implementing an email security solution will provide an additional layer of security and drastically reduce the number of phishing emails your staff receives.
Strong Passwords: Robust passwords are required to protect sensitive data. According to the Center for Internet Security (CIS), a strong password is 14 characters if the account is not protected by multifactor authentication and 8 characters if some form of multifactor authentication further protects the account. All passwords should contain three available character types: lowercase, uppercase, numbers, and special characters.
Multifactor Authentication: Implement multifactor authentication for added security. Today, most services allow you to configure MFA for your accounts, and if it is available, it should be enabled for all accounts that utilize that service.
Software Updates: Regularly update all business software to address vulnerabilities. If you do not actively manage your applications, configure them to update automatically. This helps keep outdated software from leaving your environment vulnerable.
Remember, vigilance and proactive measures are crucial in maintaining cybersecurity for dental practices. If you encounter any suspicious activities, report them to the FBI Internet Crime Complaint Center at ic3.gov (1).
Cited articles:
Additional reading:
A CISA.gov toolkit aids healthcare practices in building cybersecurity foundations and implementing more advanced, complex tools to stay secure and ahead of current threats.
The U.S. Department of Health and Human Services’ Knowledge on Demand resource offers five free cybersecurity training modules that align with the top five threats named in the U.S. Department of Health and Human Services’ Health Industry Cybersecurity Practices.
The Office of the National Coordinator for Health Information Technology’s Security Risk Assessment Tool, a resource designed to help medium and small providers conduct a security risk assessment as required by the Health Insurance Portability and Accountability Act.
The U.S. Department of Health and Human Services Office of Information Security and Health Sector Cybersecurity Coordination Center’s “Artificial Intelligence, Cybersecurity and the Health Sector” guide shares how healthcare entities can help protect against AI-enhanced cyberthreats.
The HHS’ Cyber Security Guidance Material.
A YouTube webinar, How the HIPAA Security Rule Can Help Defend Against Cyber-Attacks.
Additional resources can be found at ADA.org/riskmanagement.