“Watch your back!” is a fitting warning these days, especially when it comes to cybersecurity and ransomware threats to your dental practice database.
The ADA (American Dental Association) sounded the “watch-your-back” alarm recently. Two specific vulnerabilities could put your sensitive dental practice information at risk.
“The Cybersecurity and Infrastructure Security Agency is encouraging private businesses that use Microsoft Windows Server in a domain controller role to apply a security update released in August (2020). The update addresses a vulnerability that could allow an unauthenticated attacker to obtain domain administrator access, according to an agency alert.
Dental practices that have a Windows Server domain controller in their office environment should work with their technical support resources to make sure this vulnerability is addressed as soon as possible.”
“…a domain controller is a server that responds to security authentication requests, such as a request to log on to the server. The vulnerability affects the mechanism for authenticating user accounts, according to Microsoft.”
A second ADA caution includes a substantial settlement related to a data breach and HIPAA violations.
“The U.S. Department of Health and Human Services announced Sept. 25 that Premera Blue Cross has agreed to pay $6.85 million to the Office for Civil Rights at HHS to settle potential violations of the Health Insurance Portability and Accountability Act Privacy and Security Rules.”
The OCR (Office for Civil Rights) issued this alert:
“If large health insurance entities don’t invest the time and effort to identify their security vulnerabilities, be they technical or human, hackers surely will,” said OCR Director Roger Severino, in a news release. “This case vividly demonstrates the damage that results when hackers are allowed to roam undetected in a computer system for nearly nine months.”
Know your vulnerabilities
A routine network assessment could be the most important safeguard you implement. Protecting your dental practice from catastrophic data loss or a data breach must be more than a casual afterthought.
Thinking you’re immune, as in “…it won’t happen to me…”, is no longer acceptable. Not in this era!
Network breaches are typically the work of outside hackers who prey on weak spots in your system. A regular network assessment could reveal some common vulnerabilities.
Unrecognized or inactive network users
Your network is safest when it’s accessed only by those with designated, current access credentials. A scan might reveal outdated user names, such as those of people who are no longer employed at your practice.
Computers with “keys-to-the-front-door”
For example, you upgrade your office computers and donate the old ones to staff members or charities for personal use. Security issues can arise if you fail to remove those individual units from your domain (server) and they still have access to your network.
This is an obvious point of concern. And it’s especially concerning if you don’t have a backup routine or a disaster recovery strategy in place.
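One way your technical support could check for the inactive users and leftover computer accounts described above is a read-only Active Directory query. This is an added example, not part of the original article; the 90-day window and the output file names are assumptions to adjust to your own policy.

```powershell
# Added example: read-only audit of inactive accounts in an Active Directory domain.
# Requires the ActiveDirectory module (RSAT) and an account allowed to read the directory.
Import-Module ActiveDirectory

# Assumption: 90 days without a logon counts as "inactive".
$window = New-TimeSpan -Days 90

# Enabled user accounts with no logon inside the window,
# for example staff who have left the practice.
$staleUsers = Search-ADAccount -AccountInactive -TimeSpan $window -UsersOnly |
    Where-Object { $_.Enabled } |
    Select-Object Name, SamAccountName, LastLogonDate, DistinguishedName

# Enabled computer accounts still joined to the domain but not seen inside the window,
# for example workstations that were replaced and given away.
$staleComputers = Search-ADAccount -AccountInactive -TimeSpan $window -ComputersOnly |
    Where-Object { $_.Enabled } |
    Select-Object Name, LastLogonDate, DistinguishedName

# Show the oldest entries first so the most neglected accounts are reviewed first.
$staleUsers     | Sort-Object LastLogonDate | Format-Table -AutoSize
$staleComputers | Sort-Object LastLogonDate | Format-Table -AutoSize

# Keep a dated record of the findings (hypothetical file names).
$stamp = Get-Date -Format 'yyyy-MM-dd'
$staleUsers     | Export-Csv -Path ".\stale-users-$stamp.csv" -NoTypeInformation
$staleComputers | Export-Csv -Path ".\stale-computers-$stamp.csv" -NoTypeInformation
```

The script changes nothing in the directory; it only lists candidates for review. `LastLogonDate` is based on a value that domain controllers replicate with a delay of up to about two weeks, so treat the window as approximate.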
“Free-range” user access
Administrator access to your system should be viewed as a privilege. Full access granted to all or most employees is …