Email is everywhere so it’s easy to overlook in regard to overall data security. As more and more dental practices use email to meet patient and referring provider requests, data security and compliance become even more important.
Sending an email message requires little thought. Zipping off a quick thought on an electronic mail system is fast and efficient. As the last three decades or so have shown, in most cases email messaging is no big deal; it helps lead to a job well done, and senders can move on to other things. Email, without a doubt, is nearly as easy as firing off a tweet or posting to Instagram – the point: the technology helps us become as efficient as possible. But with that efficiency comes risk. Every email sent by your practice is a potential data security risk.
In the healthcare setting, email is one of the most efficient forms of communication available. Because of this, many dental practices use it daily for patient, provider, and even payer communications. That’s all great – as long as practice owners and office managers are following guidelines for effective data security.
Email is a major source of malware and spam, and an opportunity for attacks against an organization. The healthcare sector’s email defenses are usually not as strong as those of other industries. Healthcare practices tend to be smaller and less sophisticated from an IT point of view, which is one reason for more attacks, and most small practices struggle because of small IT budgets. So, how do you handle this?
Consider a three-pronged approach: 1) establishing a strong, compliant defense, 2) training your internal team (what to look for in email, etc.) and 3) ensuring that you’ve got proper business practices and tools in place to prevent security issues.
Defensively, dental practices should put energy toward providing security controls, keeping data in fewer places and encrypting the data. If there’s a concern about providing the proper level of security or needing the right resources to manage these efforts, consider adding an employee to take on the task, or a contractor who, at a lesser cost, can provide many of the same benefits as an internally based employee.
How confident are you in your data backups?
Evaluate where and when data is stored and backed up. Make sure that you know how to recover practice data in the event of a cyber-emergency. Remember, it’s not just your data that you are responsible for – it’s your hundreds or thousands of patients’ protected health information (PHI) that is at risk. You have a responsibility to be a good steward in caring for and protecting their PHI. Be sure your practice is set up to do so.
As a follow-up to Step 1, document security procedures and share them with your teams. Educating your staff about data security and information handling is a must. When training staff, examine the most sensitive business practices to make sure they’re not vulnerable. Train, train, and re-train. Consistent reinforcement of compliance and security messaging is key to having employees retain the information. Provide as much detail as is required to get the result you want – a practice that is not vulnerable due to employee ignorance.
Address major security concerns by educating employees
A primary security concern for many dental practices is cybercriminal attacks. These attacks can be ransomware or other email-based threats. This is important because there were more than 1.75 billion personal or sensitive records leaked in January 2019 alone. Some of these breaches were caused by human error; others by system glitches; some by malicious or criminal attacks (in which a business was intentionally targeted with malicious intent).
Exacerbating this is the rise of a new cyber threat called cryptojacking, where a hacker hijacks your computer and uses its CPU power to mine cryptocurrencies. Malware attacks are on the rise, too; destructive malware is significant in this regard as it targets a computer system so as to destroy it and render it non-operable.
These incidents are probably not concerning enough for most small business managers because most of us think these attacks are not going to happen to us. Fair enough, but there are other reasons why dental practices need effective email security processes. For example, while email remains an excellent way to communicate with people, lax security can mean you’re allowing information to leak out. If any information is leaked, there’s no way of knowing how much data you’re exposing to the world. The information you exchange is only as safe as your email security measures. If you’re doing nothing to protect the security of your email data, it’s safe to say your email data, ultimately, is at risk of a security breach.
What can you do now? The most obvious step is to stop clicking on links you don’t recognize and encourage your team to do the same. Also, don’t open unexpected, unrequested, or unknown attachments. Spear phishing emails may look deceptively “real”. Knowing what to look for can save your practice a ton of headaches. If you get an unexpected, unsolicited email, check the sender’s email address before taking any action with the message to be sure it is legitimate. Often, you’ll notice that, while an email address may look legit at a glance, the actual address may contain an extra letter or number, meaning it’s not originating from a domain you should trust. While watching for all of this can be difficult, it’s a worthwhile prerequisite to protecting your practice’s and, more importantly, your patients’ data. Check out this upcoming HIMSS webinar to learn more about spear phishing – it’s a valuable free resource.
Along with training your team on proper security protocols, you must give them tools that will help simplify their jobs as data stewards – tools like encrypted email. This is fundamental. One-click email encryption is easy to use and ensures that the user’s communication is secured against unwelcome readers while in transit.
Simple steps to take immediately
Standard email programs are not secure and do not encrypt information being sent; therefore, they should never be used to communicate anything that contains PHI. When studying solutions to help you secure your dental practice’s email, consider Vyne Connect from NEA.
Lastly, stay vigilant, reinforce security procedures often and always be on the lookout for scammers – they’re certainly looking for you.