Editor’s intro: Mark Pribish’s response to cyber threats can help avoid data breaches in our changing world. Read this article and see best practices on keeping your patient information safe.
Mark Pribish discusses how an orthodontic practice can prepare a response to cyber threats
According to a September 12, 2019, TechRepublic article titled “How data breaches are hurting small businesses,” a Bank of America Merchant Services’ survey of consumers and small businesses presented these findings: 21% of small and midsize businesses (SMBs) reported a data breach within the last 24 months, and 30% of consumers said they would never again use a small business that suffered a data breach.1
In addition, according to a June 4, 2019, Security magazine article titled “Data Breaches Cost $654 Billion in 2018,” “cybercriminals exposed 2.8 billion consumer data records in 2018, costing more than $654 billion to U.S. organizations.”2
Personally identifiable information (PII) was the most targeted data: 54% of stolen PII was date of birth or Social Security number, and name and physical address (49%) was the second-most commonly compromised type of PII. This is just the type of personal information that is collected by every orthodontic practice in the United States.
Based on the preceding evidence, along with the 2019 Verizon Data Breach Investigations Report (DBIR)3 where Verizon found that 43% of data breaches happened to small businesses, I have listed my four data breach best practice tips to help small businesses prepare for and mitigate their exposure to a data breach event.
Best Practice No. 1
Every orthodontic practice needs to understand the cybersecurity threat landscape. Staying on top of all the security news and knowing the latest security trends is a time-consuming and challenging task. I recommend regularly reading Brian Krebs,4 who is the author of a daily blog covering cybersecurity, data breach, and cyber-crime trends.
Best Practice No. 2
Have a written information security and governance policy, and update this policy each year. Once complete, have all employees (even in a practice with two to three employees) sign this information security policy document, acknowledging that they have read, understand, and agree to said policy.
Best Practice No. 3
Have a data breach risk management plan in place, as the lack of cybersecurity preparedness, the lack of data breach planning, and the lack of employee privacy training have made small businesses a target for cybercriminals. Your data breach risk management plan should include pre-breach planning with a focus on an information security risk assessment, as well as employee education and awareness. It should also include post-breach planning with a focus on state and federal breach notification laws and a list of incident response vendors such as your insurance broker, legal services, forensic services, and public relations.
Best Practice No. 4
Every orthodontic practice should consider having a cyber liability insurance policy, which can help protect your business from cybercrime and a data breach event. The CEOs and CIOs of Equifax and Target were not fired because they were hacked or breached; they were fired for their failed management response to their data breach events. Cyber liability insurance can help your practice be resilient and compromise-ready.
With the threat environment changing so quickly, chances are your security policies and procedures (if your practice has security policies and procedures) are not keeping up, just as state and federal laws are not keeping up with the newest technologies.
These four best practices will help your orthodontic practice respond to new threats along with the changing regulatory environment.
Another response to cyber threats is knowing how to keep malware from being implanted into your network. See Gary Salman’s article titled, “Have cyber criminals ‘implanted’ malware into your network?”
1. Whitney L. How data breaches are hurting small businesses. TechRepublic. https://www.techrepublic.com/article/how-data-breaches-are-hurting-small-businesses/. Published September 12, 2019. Accessed October 2, 2019.
2. Data Breaches Cost $654 Billion in 2018. Security magazine. https://www.securitymagazine.com/articles/90320-data-breaches-cost-654-billion-in-2018. Published June 4, 2019. Accessed October 2, 2019.
3. Verizon. 2019 Verizon Data Breach Investigations Report (DBIR).
4. Krebs on Security. https://krebsonsecurity.com/.