Protecting Your Dental Practice

Protecting Your Dental Practice: Why Oral Surgeons Are the New Targets for Hackers

May 14, 2024||

A Wake-Up Call for Oral Surgeons

The American Dental Association (ADA) urges all dental practices to remain vigilant after it was contacted by the Federal Bureau of Investigation (FBI) with information regarding an immediate, credible cybersecurity threat to the practices of oral and maxillofacial surgeons.

This recent news demonstrates that no business, or in this case a dental specialty practice, is too small to escape the notice of today’s hackers. Many oral surgeons might believe their practice isn’t a target, thinking, “I’m too small to be hacked.” However, the FBI has issued a stark warning: oral and maxillofacial surgeons are now prime targets for cybercriminals, and other dental professionals could soon be next. The FBI suspects the group behind the cyberattacks may be shifting tactics to oral and maxillofacial surgery practices after targeting plastic surgeons last year.

Increasing Cyber Threats

Hackers use various social engineering tactics like phishing (via email), SMSishing (via text messages), and vishing (via phone calls) to steal sensitive personal data, including electronic protected health information (ePHI). Spear phishing, where fraudulent emails appear to come from trusted sources like credentialing agencies, is particularly dangerous. These emails trick recipients into revealing sensitive information or clicking on malicious links, leading to malware infections and potential ransomware attacks.

Real-World Example from the FBI

A common scenario involves a hacker posing as a new patient who requests patient forms online. They claim difficulty in submitting the forms digitally and ask to email scanned versions instead. The files appear as typical PDFs but contain malware. When office staff open these files, the malware attempts to take over their computer, compromising the entire office system.

Preventive Measures Recommended by the FBI

  • Stay Proactive: Always verify the identity of anyone requesting access to sensitive information to prevent unauthorized access.
  • Be Skeptical: Encourage staff to treat unusual or unexpected requests with suspicion to detect potential threats early.
  • Universal Vigilance: Cybersecurity is crucial for all dental professionals and medical practitioners, regardless of their specialty.
  • Report Incidents: Report suspicious activity immediately to the FBI via their website at ic3.gov.

Basic Cyber Hygiene Practices

To further protect your practice, adhere to these essential cybersecurity practices:

  • Educate Your Team: Teach staff to recognize and avoid phishing attempts.
  • Use Strong Passwords: Implement a policy requiring robust, complex passwords.
  • Enable Multifactor Authentication: Add an extra layer of security beyond just passwords.
  • Update Software Regularly: Ensure all software is updated with the latest security patches.

Additional Resources

The FBI suggests the following resources to strengthen cybersecurity in healthcare practices:

By adopting these measures and utilizing available resources, healthcare practices can significantly enhance their cybersecurity defenses, protecting sensitive patient data from malicious online threats.

More from Steve...