In May, my Technology Evangelist column in DPR focused on what I referred to as The Low Price of Office Data Security. If you're interested in my take on that subject, you can follow the link and read it. The one nice thing about DPR putting my columns online as well as print is that sometimes the original has to be edited down to fit the layout of the printed issue. The columns that are posted online are the complete article I submitted. That means the digital version usually has more info.
Today though, I'd like to focus on something that has come to my attention since that column appeared. I recently had a meeting with Black Talon Security to learn more about their solution to help protect health care offices and dental offices in particular. I came away from that meeting very impressed. I won't go into great detail about them here. However, in the not too distant future I'm planning on a post to give you more info about them. At this point, suffice it to say I feel that if you don't have your office data security buttoned up *really* well, you should look at what they offer. It's pretty amazing.
However, my meeting with them brought something to light that I think every dentist needs to be aware of. As we all know RansomWare is a huge and increasing threat. Not having your data can bring a practice to a screeching halt. And of course, loss of business continuity is just the tip of the iceberg. That was the real premise of my May column. There are huge costs to dealing with a breach... but now there is another cost that could add massively to that.
RansomWare and the people who spread it have changed tactics. Now, in addition to encrypting your data and holding it for ransom, they also steal your data. Basically all that information is copied and put on the criminals' servers before they start encrypting on your end. Then that data is frequently either posted on the dark web or sold to other criminals to use in ID theft and other types of crimes.
So how is that expensive? Well, it turns out that by posting or selling that data, the office is now not only facing investigations and massive fines due to HIPAA violations, but the legal field has entered the fray. By failing to secure the data, the office can now face class action lawsuits. By having their data placed online without their consent, patients can engage attorneys who will prove damage to the patients involved.
That little twist is something I hadn't heard before. Now in addition to all of the other problems and expenses I outlined in my column, you may also be facing class action lawsuits from patients harmed by the theft. I'd also like to emphasize that this isn't some 'worst case scenario' that I am tossing out here. This is already happening in dentistry and at least one unfortunate doctor is now embroiled in one of the actions.
I realize that my focus on security is something some of you may not be thinking about or feel that I dwell on it too much, but I think it is my job here to try and keep my peers and followers informed and prepared. The best mentor I ever had once told me, "Flucke, if you prepare for an emergency, it ceases to be one." That one little nugget has made a tremendous impact on my life. Now by passing it along, I hope it can have a similar impact on all of you who are kind enough to read the blog on a routine basis. The best way to prevent a breach is to act like it's going to happen. Unfortunately it *does* happen... every day. Also, the stats I've seen recently put healthcare at the very top of industries that are being targeted. Like it or not, the bad guys have us in their sights. Do all you can to prevent this.
No comments:
Post a Comment