First of all, the way to help. On Friday, November 8th I'll be giving a webinar on data security in the dental office. However, while I'm passionate about the subject, doctors need an expert to listen to. That's why the webinar will be a tag team effort by myself and Gary Salman, who is the CEO of Black Talon Security. As the CEO of a data security firm, Gary knows this subject forwards and backwards. Click here to register.
The second thing I want to bring up today is about the severe penalties that can be meted out by the federal government *and* affected individuals for violations of HIPAA. There are many reasons why data security is incredibly important, but if for no other reason, doctors should be concerned about the costs incurred with these types of security situations.
I'm not going to mention the practice by name, but in February 2023 (between the 17th and 22nd), a DSO with over 300 offices experienced a data breach that compromised PHI (Protected Health Information) of patients.
In addition to the fines, affected business operations, etc. that come along with these incidents, there was also a class action lawsuit filed by some of the patients. Recently the DSO settled the lawsuit filed by the patients for $2.5 million.
I truly think that doctors should look at data security as 'insurance' and not as a 'nice to have'. No locked door is 100% effective, but becoming a more difficult target certainly means that threat actors will go after less protected systems.
If you'd like to learn how to help avoid these kinds of situations, join Gary Salman and me on November 8th.
I think I know the DSO.
I think I talked with them in the past.
They spent months asking all sorts of questions about how we do things, and we happily answered...then their current IT staff started deploying some of our technologies and asking questions about how it works or how to do various things with it. We stopped answering direct technical questions since they weren't a client. Then they said they weren't going to stay with us, but would pay a few thousand for us to teach their staff how to do what we do. We declined.
I'm always sad when someone reaches out because they just got screwed by cryptolocker or a breach. I can't put the genie back in the bottle. I can't magically undo your car accident or dumpster fire. But I can help prevent it before it happens.
But try getting in touch with a CEO/CTO or a doctor. It's nearly impossible.
If you do get in touch with them, try convincing them that most IT people out there are point-and-click Windows admins who don't actually know how to do their jobs--just resell other people's services and search Google.
IT desperately needs people who solve problems that haven't been solved before.
Last month one of our "low level techs" came to me and said "I think I have a new way of detecting cryptolocker". He explained a combination of methods using Windows and Linux and the engineering group said "Wow...that seems like it would work...have you tested it?". He replied "Yes, and here are the automation tools to deploy it to customers. They need a bit of tweaking and a front-end, but they're mostly done."
Within a week we deployed to our test environment and threw some cryptolocker samples at it. It worked beautifully. We refined stuff and pushed it out to a test client a week later. A month later all our clients were running it.
He did it all on his personal time...because good engineers don't clock in at 8 and out at 5 to go watch sportsball. Good engineers are always playing, learning, exploring, and growing. He got a hefty bonus and promotion to the engineering team.
Most IT staff I see at large and small DSOs are just corporate Windows drones who believe the myth that if you just recommend solutions that everyone else is using you can blame them when things fail. "The AV didn't detect this new variant". "Microsoft hasn't released a patch yet". "A third-party company was breached and we use them for XYZ and that's how everything got infected".
Until that lazy incompetent attitude gets addressed, this will continue to be a problem in the industry.
Aaron, if there was MVP voting in dental IT, you would be a finalist. I'm a firm believer in the concept that one of the things that causes people to get frustrated is when they know what is right and others fail to grasp the fact.
History is full of people who have tried to warn of impending disaster, only to be told "calm down" or "we've got it handled".
Keep fighting the good fight. If we keep working on getting the message out, we'll help people. I truly believe that!