Cyber Criminals Attack Dental Practice Database

Cyber Criminals Attack Dental Practice DatabaseDentists, welcome to the age of digital data and data security.

Palo Alto Online is reporting that a Palo Alto, California, dentist’s database was hacked and the hacker is holding the contents for $3,000 ransom, according to the Palo Alto police department.

The unnamed dental office was hacked sometime between April 10th and 13th of this year, but the dental practice didn’t report the hacking incident to police until June 5th.

The hack was discovered by a system scan that picked up on the malware and the ransom message, which included an email address to arrange for payment of the $3,000.

Sgt. James Reifschneider of the Palo Alto police department told Palo Alto online, “The files that were compromised were X-rays and associated notes. No personal identification information was taken as far as we know. This type of cyber attack is not unusual in the IT world. The hacker typically freezes or corrupts data and generates an automatic message. If the victim wants to regain access they must remit a ransom.”

The dentist has no intention of dealing with the hacker and contacted an IT service provider to try to reconstruct the missing database.

Hackers like to target small businesses because they know that the small business owner typically does not have the resources for more sophisticated (and more expensive) security defenses and they can be lax about their Internet use policies for employees.

Many small business owners allow their office staff to use office computers to check personal email and visit non work-related websites on the Internet without a restrictive firewall in place.

The Wall Street Journal reported that in 2010, the U.S. Secret Service and Verizon Communications, Inc.’s, forensic analysis unit, which investigates cyber attacks, responded to a combined 761 data breaches, up from 141 in 2009. Of those, 482, or 63%, were at companies with 100 employees or fewer. Visa Inc. estimates about 95% of the credit-card data breaches it discovers are on its smallest business customers.

How can a dentist secure patient data in a digital world?

1. Set up and enforce a strict computer and Internet use policy that restricts employees from reading and downloading personal email while using an office computer.

2. Hire an experienced IT company to set up a strict firewall on your office network. If your dental practice uses wireless, have the IT company hide your wireless network from public view.

3. Train your staff on how viruses infect computers with common user habits such as forwarding personal email messages and downloading computer wallpapers.

4. Keep all anti-virus and anti-malware software updated along with computer operating systems.

5. Always create strong passwords of more than 8 characters that use mixed-case letters and include numbers and symbols. A great site for password creation is Symatec’s PC Tool Password Generator (www.pctools.com/guides/password). Passwords should not be written down under keyboards, on the front of the pc or anywhere the public can find them.

6. Keep business and home computing separate. Don’t use a laptop at home for fun and then bring it into the office for use on the dental office network. Business computers should strictly be used for business.

Fixing a cyber breach can be a costly expense for a dental practice. The Wall Street Journal story on hackers featured small business owner Joe Angelastri, who was targeted by cyber thieves who planted a software program on cash registers at his two Chicago-area magazine shops that sent customer credit-card numbers to Russia. MasterCard Inc. demanded an investigation, at Mr. Angelastri’s expense, and the whole ordeal left him out about $22,000.

With little chance of catching and prosecuting hackers, dentists would be smart to invest a little money in data security and properly training employees on what is acceptable office use of computers and email.

Have you ever had your dental office database hacked? How did you handle it?

For more on this story see: Hacker Holds Dental Office Database for Ransom 

Are Dentists at Risk From the Epsilon E-Mail Hack?

Are dentists at risk from the Epsilon email hack?On March 30th, in what is being touted on the Internet as one of the biggest hacks to date, hackers stole thousands of email addresses from the world’s largest permission-based e-mail marketer Epsilon.

Businesses such as JP Morgan Chase use Epsilon to send promotional emails or newsletters to their customers.

The hackers gained entry into Epsilon’s system and accessed the e-mails along with the customer names from major Epsilon clients. Epsilon insists that no sensitive personal data was compromised.

Epsilon posted this statement on their website: “the affected clients are approximately 2 percent of total clients and are a subset of clients for which Epsilon provides email services.”

It appears the hackers were “spear phishing”, by targeting the email addresses associated with a specific organization. The ultimate goal is to use this information to create and send authentic-looking emails from the companies they’ve hacked in an attempt to get consumers to reveal more specific personal financial information or distribute a computer virus.

Affected companies are notifying customers of the potential threat via emails similar to this one from Chase –

chase notice

JP Morgan Chase offers these security recommendations in their email –

  • Don’t give your Online User ID or password in e-mail.
  • Don’t respond to e-mails that require you to enter personal information directly into the e-mail.
  • Don’t respond to e-mails threatening to close your account if you do not take the immediate action of providing personal information.
  • Don’t reply to e-mails asking you to send personal information.
  • Don’t use your e-mail address as a login ID or password.

Chase offers wise advice that should be followed by everyone online.

Here at The Wealthy Dentist we do not use Epsilon, so our client’s data was NOT hacked. We take our dental client’s security very seriously. We recognize that hacking exists, so we caution that everyone be smart about their personal information.

For further details about the Epsilon email hack see: Epsilon E-Mail Hack: What You Need to Know at PCWorld.

Disclaimer

© 2017, The Wealthy Dentist - Dental Marketing - All Rights Reserved - Dental Website Marketing Site Map

The Wealthy Dentist® - Contact by email - Privacy Policy

P.O. Box 1220, Tiburon, CA 94920

The material on this website is offered in conjunction with MasterPlan Alliance.

Copyright 2017 Du Molin & Du Molin, Inc. All rights reserved. If you would like to use material from this site, our reports, articles, training programs
or tutorials for use in any printed or electronic media, please ask permission first by email.