Nine Steps to Keep Your Practice Safe from Data Breach
In 2015 a hacker gained access to more than 150,000 dental records including names, addresses, social security numbers, birthdates and other information that could be misused. How did it happen? A piece of malware slipped into the system.
Posted in Data Breach on Thursday, November 1, 2018
Malware is the common term for “malicious software.” There are four typical ways malware can be delivered to the victim’s computer:
- Drive-by downloads are very common and happen when a computer user unknowingly downloads software from the internet.
- Homogeneity occurs when one computer on a network is infected and transfers the issue to other computers on the system.
- Vulnerability refers to a software defect that leaves the computer vulnerable to attack by hackers.
- Backdoor attacks typically occur when an evildoer gains access to the system through an opening or break intentionally left by the designers to allow for easy debugging.
Data breaches continue to place millions of Americans at risk of identity theft and fraud. You can minimize the risk to your dental practice by following these data breach protection tips:
- Keep only what you need. Reduce the volume of information you collect, and retain only what is necessary.
- Minimize the places you store personal data. Know what you keep and where you keep it.
- Safeguard data. Lock physical records in a secure location, and restrict access to employees who need to retrieve private data. Conduct employee background checks. Never give access to temporary employees or vendors.
- Destroy before disposal. Cross-cut shred paper files before disposing of private information. Also destroy CDs, DVDs and other portable media. Deleting files or reformatting hard drives does not erase data. Instead, use software designed to permanently wipe the drive, or physically destroy it.
- Establish a written policy about privacy and data security and communicate it to all employees. Educate them about what information is sensitive and their responsibilities to protect that data.
- Educate employees. Be sure your staff understands what malware is, what phishing is, what ransomware looks like, and is clear on the dangers of clicking links from unknown sources.
- Use password protection. Protect your business computers, laptops and smartphones, as well as your network and account access with strong passwords. Require employees to have a unique user name and a strong password that is changed at least quarterly.
- Keep security software up to date. Install updates to security, web browser, operating system and antivirus software as soon as they become available. They contain “patches” that address security vulnerabilities within the software and are your first line of defense against online threats. Use firewalls, antivirus and spyware software; update virus and spyware definitions daily.
- Encrypt data transmission. Encryption helps protect the security and privacy of files as they are transmitted or while on the computer. Avoid using Wi-Fi networks; they may permit interception of data.
The Federal Trade Commission (FTC) has many resources available to assist you and your practice in recovering from a data breach. Those resources can be found on the FTC’s website.
You'll also find information about each state's laws here: http://www.bakerlaw.com/files/Uploads/Documents/Data%20Breach%20documents/Data_Breach_Charts.pdf
A guide to types of malware and delivery systems can be found at https://www.malwarefox.com/malware-types/.