If you have a dental office, you’re aware of the growing cybersecurity threat. You know that your small to medium-sized practice is a target with 43% of all data breaches involving SMBs. You may have read that the healthcare sector has become a primary target or that the cost of a breach can run into the millions. Perhaps, you’ve conducted employee training, updated software, sought advice from a knowledgeable IT expert, and added a new firewall. But, the truth is you’re not sure if those steps are the right ones.
Although you’ve read the recommendations of various experts, the information often assumes a level of understanding that most people do not have. For example, what happens in a ransomware attack? What is a Trojan horse or a computer worm?How does phishing or social engineering lead to cyberattacks? Knowing more about the risks associated with different attack tools can help build a better cyber defense.
What Is Malware?
Malware is malicious software that is deployed to intentionally harm a computer, network, or server. Malware may include ransomware, spyware, or computer viruses. These programs steal, delete, encrypt, or alter data. They can disrupt system operations and take over network operations. The exact impact depends on the malicious software being deployed.
#1. Computer Viruses
A computer virus works much like a biological one. It is software that replicates by inserting malicious code into other software programs. Any program that is affected is considered “infected.” Most viruses are deployed using social engineering techniques that manipulate users into visiting websites or clicking on links that result in the virus downloading onto the user’s computer.
#2. Computer Worms
Worms are also self-replication programs, but they are designed to infect other computers. They remain active on the infected computer while spreading to other devices on a network. Worms usually damage a network, if only to slow performance, and are delivered in a similar manner to viruses. WannaCry was a 2017 ransomware delivered to 150 countries using crypto worms.
#3. Trojan Horse
Trojans are named after the wooden horse that the Trojans used to capture the city of Troy in Greek mythology. This malware appears to be a legitimate program that users download without realizing its malicious purpose. Trojans are often used in conjunction with phishing or social engineering attacks. Many are deployed to create a back door (or unauthorized access) to a computer system.
Ransomware has become a household word when it comes to malware. It’s a malicious program that denies access to a computer system or data until a ransom is paid. Ransomware is deployed through phishing emails, malicious websites, and vulnerabilities. Ransomware has significant ramifications to operations and data compromises.
#5. Other Malware
Cybercriminals create malware variants faster than cybersecurity experts can counter them. Most malware is deployed using multiple programs. For example, a Trojan horse or computer virus may be used to deliver ransomware. That’s why an antivirus solution is not enough. Malware can infect a system using multiple attack vectors.
What Are the Risks?
The biggest risk for many dental practices is mindset. It’s often believed that dental offices are too small to matter which is exactly what cybercriminals are hoping for. If a practice doesn’t feel like a target, staff are not trained to stay away from questionable websites. Employees are not told to never click on links or attachments in emails from unknown senders. Yet, these are two basic ways that hackers can infect systems. Given that hackers attempt a cyberattack every 11 seconds, it’s just a matter of time before a dental office becomes a target.
A recent study found SMBs such as dental practices will become more likely targets as ransomware programs become a commodity. Less experienced hackers can purchase these programs on the dark web and deploy them in a matter of minutes. These prepackaged programs target known weaknesses that many SMBs have not addressed making it easier for hackers to infiltrate a network. For a few dollars, inexperienced hackers can receive ransoms in excess of $100,000 for a few hours of work.
Two recent attacks demonstrated the impact of the distribution of infected software updates. Customers of Solar Winds and Kaseya received malicious software as part of their routine download of software updates. By infiltrating a software provider’s network, hackers were able to compromise their customers. These attacks indicated the weakness that exists across supply chains.
Many dental practices use software programs that require regular updates from a third-party site similar to Solar Winds. Without strong dental practice network security defenses, practices could download compromised updates that infect their systems resulting in data loss. Healthcare records can sell for as much as $1,000 per record on the dark web, making theft of 100 records a $100,000 profit.
For dental practices, a data breach is a HIPPA violation and can result in fines and penalties. It can also result in legal actions and a loss of patients. Many consumers are hesitant to continue to do business with an organization that has suffered a data breach.
Covid-related attacks have grown exponentially as more hackers create bogus websites. They generate advertising emails and social media ads that manipulate users to click on a link to learn more. That link contains a virus or Trojan that opens the door to an attack.
It’s easy for staff to inadvertently click on a link or go to a website associated with COVID-19 information. With changes in operating procedures and staffing shortages, dental practices must be vigilant in their cybersecurity training. One wrong keystroke opens the door to a ransomware attack.
Ransomware attacks now have a two-prong threat. Hackers block practices from accessing their data while stealing data records. They receive a ransom payment as well as thousands of dollars from selling the stolen records to other cybercriminals.
Internet of Things (IoT)
A growing risk is the expanding size of a company’s network. With more employees working remotely, networks are no longer contained to an office. For practices with multiple locations, the attack surface increases with each office. As with most SMBs, dental practices may struggle to cover the cost of added dental practice network security tools.
However, each device connected to a network is a potential access point for a cybercriminal. If mobile and WiFi devices are also a part of a network, they require additional dental practice network security measures that are not typically covered with antivirus and antimalware solutions.
Defending against cyberattacks may seem like an impossible task; however, protecting your practice and its digital assets can be successful with the right technology partner. Erickson Dental Technologies provides a proactive approach to protecting your dental office. Whether it is strengthening security or implementing HIPAA safeguards, our team delivers the peace of mind that comes from knowing your practice is protected. Contact us today to learn how you can protect your dental office from malware and viruses.