August 28th, 2019
Just as bellbottoms, Crocs and Ed Hardy trended in fashion – and eventually became extinct … thank God – there’s a new trend in the cybersecurity world. And the damage it’s inflicting on large corporations, cities and, most importantly for us, dental practices, is startling.
A rash of IT providers has been victimized by outside attackers and leveraged as a vector for ransomware, leaving all of the people they call clients … well … compromised and at serious risk.
It happened as recently as Monday morning (Aug. 26) to a dental IT vendor in Wisconsin – and, on a larger scale, it crippled 22 cities in Texas after their IT vendor was compromised.
The Wisconsin-based vendor was the vector of a widespread ransomware attack that has debilitated their clients. The vendor at hand is now asking each of the practices they list as clients to pay $2,000 in order to pay off the attacker that penetrated their system. In some instances, the practices that have complied and paid the $2,000 are STILL experiencing practice-wide outages because the backups they had in place … well, those were attacked and compromised as well.
While there was no way of knowing that IT provider – and, by trickle-down effect, its practices – would be the victim of an attack like this, those practice owners are, by NO means, off the hook.
After all, as an owner: It’s your name on the practice. They’re your patients. It’s your duty to own the mistake.
Now, before YOU’RE in the position of having to prepare a statement to disclose to your patients, be sure you’re informed of what exactly your IT vendor is providing you.
3 Important Questions for Your IT Vendor
1. Do you have two-factor authentication required/enabled for all of your software tools? This includes professional services software, backup software, remote access software, management software and endpoint protection software.
Two-factor authentication provides an additional level of protection that would prevent a malicious entity from accessing the software even if they know the username and password.
2. Do you conduct penetration and vulnerability testing at least annually?
By paying a third-party vendor to check for vulnerabilities and weak links, your IT vendor is essentially getting both an expert and a second opinion on the strength of their defense. If the concerns found are addressed, the likelihood of a compromise is exponentially reduced.
3. Do you have cyber threat insurance that will pay my ransom and associated fees should my practice be compromised through your access?
Sure, your practice may not be compensated for its downtime, but having these other expenses handled can greatly reduce the headache should a significant event occur.
Finding an IT partner with expertise in security for protecting your practice can be difficult. It’s much like finding a four-leaf clover – they exist, they’re extremely rare, and when you find one, you want to hang onto it.
So if you want a dental IT partner that has security as its specialty and sees itself as an extension of your practice, please contact us to see if your practice qualifies for a no-cost cybersecurity assessment.