What if your network efforts were completely transparent to your patient base?
In addition to skills and service, would patients choose a dentist based on those
efforts - whether they were reckless, indifferent, or careful with their family’s
What if you had a sticker on the main entrance door of your dental office that
OUR NETWORK HAS BEEN COMPROMISED.
ANY INFORMATION YOU PROVIDE
MAY BE AT RISK.
…perhaps just above the “We Accept MasterCard and VISA” stickers?
What impact would it have on your business? Do you think a mother with her three
young children would still walk through your door? Would they still choose you?
This scenario isn’t as crazy as you might think. If your office is breached,
did you know that HIPAA requires you to notify each and every current and former
While it’s an absolute must to protect your business from monetary damages
through a comprehensive Cyber Liability Insurance Plan, don’t forget about
the reputational damage accompanying an event like this.
"Data theft is not a victimless crime. Data breaches pose major consequences for both the corporations that experience them and the consumers who are victims of them."
- Symantec Internet Security Threat Report 2014
Every two seconds, another American becomes a victim of identity fraud. Identity
theft is the number one white-collar crime in the US. According to Experian, small
businesses experienced a 300% increase in cyber espionage attacks from 2011 to 2012.
This trend hasn’t diminished. According to Symantec’s 2014 Internet
Security Threat Report, the average cost of a data breach is about $188.00 per
breached record over a two-year period. Quick math: if you have
an active database of 1,500 patients, that’s $282,000.00!
A common misperception is that some cyber-punk is hacking your network from her
parents’ basement, exacting revenge for a root canal gone horribly wrong.
In reality, most small business breaches are carried out through automated
hacking: scripts, code and programs designed to crawl through the internet and
expose common and overlooked small business security holes. If the vulnerability
is there, the data is taken. (Note: Windows XP is now one of those holes.)
Most breaches currently reported are event-driven. For example, a portable electronic
device (a laptop or a hard drive) is misplaced or stolen. If the drive holds unencrypted
patient data (PHI), you have a bona fide breach on your hands, accompanied
by fines, fees and a reputational nightmare. In reality though, if you’re
using the internet, you’re at risk and you need to protect your business
by protecting your patients' information. If you are entrusted with personal information,
it is the burden you bear.
When customers walk through your front door – there is an implied trust
that you are doing your best to protect their identities and the identities of
the family members and friends they might refer.
Here are a couple of simple, but often overlooked, tips:
- Encrypt portable devices! If it leaves the office – EVER – it needs
to be encrypted.
- Have signed Business Associate Agreements with ALL of your vendors that have access
to PHI, including your I.T. provider.
- Don’t store credit card numbers at your office or on your network (spreadsheets,
practice management software… etc). And…
- Never, NEVER, turn off your anti-virus software and/or firewall… even at
the request of your practice management software provider.