Hospitals and medical and dental practices have faced a rash of cyber attacks in recent years. Often it is the small practice that believes it is immune to such attacks, but in reality, dentists, orthodontists and other dental professionals are prime targets simply because cyber villains expect that these businesses do not have a secure firewall or email security. It is health data that has become very valuable to criminals – and not credit card information. The theft and sale of medical and dental records are on the rise because this data-rich information contains not only sensitive health records but also a wide array of other details including medications being taken, family history, insurance information, and credit card information.
When this information gets into the wrong hands, identity theft, medication fraud, and other crimes can be committed. You may wonder what email security for dentists has to do with this. When it comes to phishing attacks, account takeover by way of email compromise is the second-largest threat to businesses, according to Inc.com:
“…business email compromise makes up almost 50 percent of the $1.4 billion in total losses from internet crime tracked by the FBI, there’s a new rising threat: account takeover attacks. That’s when a hacker will infiltrate your email account and get to know who you are and what kinds of business you conduct…customers report a 126 percent increase in email account takeover attacks. These attacks are low volume and slow, but have a high impact.”
Phishing scams usually masquerade as emails coming from a trusted source, such as the government, a well-known business, or some entity with which a dental office would rightfully communicate. These scam emails have become very deceptive in that they give no sign of fraud and will not directly ask for any sensitive information. Instead, they may be alerting your dental practice to some financial obligation that has been neglected or a phony transaction that has been detected concerning your dental practice. In reality, it is an opportunity to breach your system’s data! When someone in your dental office ‘takes a bite off the baited hook’ of a phishing email, the results can be devastating!
For an email phishing scam to work, a few things must transpire – the email has to be successfully delivered, the email viewer must be successfully deceived, and finally, the user must unwittingly act in some way. When you open an unencrypted email, the sender’s identity is not verified and scammers can access and download data from your computer or the email can unleash a host of crippling viruses onto your dental office IT system. Three common email phishing scams aimed at the dental practice include:
Email encryption includes multiple safety features aimed at protecting dentists from email fraud that seeks to steal sensitive information such as login credentials, Social Security numbers, or bank account information. One of the main features of encryption is “authentication.” This validation employs some techniques to make sure emails that are sent and received are coming from a valid origin or identified domain.
Email security for dentists will ensure that encrypted email that is sent over public networks or passed through unsecured domains is unreadable, or disguised. If a cybercriminal intercepts the email, the contents are unreadable. For a fully encrypted email, the following should be implemented:
With email encryption, unauthorized users trying to breach your network are prevented from intercepting, reading, or capturing your email messages or login credentials – both those that you send and those that bounce between unsecured servers on the internet.
It is suggested that dental practices partner with a trusted IT service provider to encrypt sensitive data such as:
Dental information must be 100% HIPAA-compliant, and this includes information sent by way of your professional website. The best way to achieve this is through a secure portal that has email encryption. Nova Computer Solutions offers securely encrypted email services that are seamlessly integrated with your business email accounts, such as Gmail or other email accounts. It allows your staff to send emails that are decrypted at the recipient’s end or emails that require the receiver to click on a link that will directly open the encrypted email. And most importantly, our process meets government security regulations that are needed to send HIPAA-compliant emails.
As a consultant to dental practices, I help my clients maximize what can be done with their technology to maximize production and profit.