Cybersecurity for Dental Practices

Keep Cybersafe With Our Cybersecurity Education and Resources

Why Dental Practices Need Security Measures

Small businesses are experiencing a surge of cyberattacks. Almost half of all cyberattacks in 2023 have targeted small businesses—and health care is the industry most at risk.

Why?

Because cyber threat actors understand that small health care businesses—like dental practices—may not have robust cybersecurity controls or training, despite the amount of confidential data they store.

Though cyberattacks are both frequent and inevitable, you can reduce risk to your practice by implementing even a few key cybersecurity controls. Check out the following tips and tools to get started and visit this page often for updated content.

 

Dental Practices and Cyber Threats

Cyber incidents have surged across healthcare and small businesses - like dental practices - because cyber threat actors know these targets store confidential data and often lack the tools to defend against devastating attacks.

While having technology in place to prevent attacks is important, technology alone has limits and isn’t a replacement for ongoing staff awareness training. Keep reading for five practical cybersecurity tips to help each person at your office become a ‘human firewall’ and minimize your risk of undesirable consequences.

 

Please note: The content of this page, including any training modules, is meant to provide general information about cybersecurity best practices. It is based on general industry standards and is not tailor-made to fit any one situation. It does not replace professional cybersecurity services. If you have specific questions, please contact an information technology professional.

 


Here Are 5 Tips That Help Protect From Cyber Risk

Multi-Factor Authentication combines and leverages “something you know” (like your login credentials) and “something you have” (like your smartphone or email account).

MFA increases security because even if one of your credentials has been compromised, unauthorized users likely won't be able to meet the second step, which will block their attempted access to the targeted computing device, network, or database.

To learn more about MFA and how to enable it on some of the more popular tools, check out these resources:

Updates can install new features, protect data, improve performance, and ensure compatibility. Many software vendors today even allow you to enable automatic updates.

The two most important reasons to stay on top of software updates? Patching security flaws and protecting your data, which you can learn more about here:

From checking your email to online banking to simply accessing your devices and systems, passwords are a part of daily living. While it can feel tempting to use a short or catchy password to help you keep track, a lack of password complexity or repeating passwords can also pose serious risks to your security.

To protect yourself and your information, use passwords that are long, strong, and difficult for someone else to guess—while still relatively easy for you to remember.

  • Password Length
    The longer a password is, the harder it is to crack. Many security professionals recommend 16 unrepeated characters.


  • Uniqueness
    For stronger cybersecurity, every one of your accounts should have a unique password. Though it may feel like you’re saving time or effort by using the same password for multiple accounts, doing so can increase your risk.

    For example, if your credentials get stolen in a data breach, an unauthorized user could gain access to any accounts where you’ve used those same credentials.


  • Passphrase
    With all the requirements needed to make your passwords strong, creating passphrases can help you create and keep track of your unique passwords. A passphrase is an easy phrase for you to remember, but hard for others to guess (such as an uncommon song lyric). When creating a passphrase, avoid commonly used phrases (like ‘letmein!’) or personal information (like the name of your pet). Here's an example of a strong passphrase: F1sh1ngWithMyS0n


  • Changing Passwords
    While tedious, occasionally updating passwords is a strong security practice, especially if you fear an account has been compromised or if you notice unusual activity.


  • Password Managers
    A password manager can generate, save, and sync passwords across multiple devices. It's a handy application that removes the hassle of having to remember all of your long credentials and prevents bad habits like writing passwords down or storing them in unsecure documents. Google "password managers" to learn more.

Routine cybersecurity awareness training can help prevent the loss of Personally Identifiable Information (PII), intellectual property, money, or brand reputation. An effective awareness training program may help address the common cybersecurity mistakes employees may unknowingly make on the web, through email or text, and in the physical world, such as document disposal or being tailgated. To learn more about cybersecurity awareness training, check out these resources from the Cybersecurity & Infrastructure Security Agency.

A cyber insurance policy helps an organization pay for any financial losses they may incur in the event of a cyberattack or data breach. It also helps them cover any costs related to the remediation process, such as paying for the investigation, crisis communication, legal services, and refunds to customers.

How ‘The Power of the Pause’ Can Help Your Practice Avoid Phishing Attacks

Why the ‘Power of Pause’ Is Important for Your Dental Clinic

How often do you pause to analyze the emails your practice receives before clicking and acting?

According to the American Dental Association (ADA) and cybersecurity experts, phishing is the number one way cybercriminals breach dental office data and computer systems—and with the power of Artificial Intelligence, they’re becoming better at doing so.

Keep reading to expand your phishing knowledge and learn 5 simple questions worth taking the time to pause and ask.


What are Phishing Emails?

Phishing emails are fraudulent emails that look like they were sent from legitimate sources—like dental suppliers, banks, or other popular companies and services. Taking advantage of consumer trust, phishing emails aim to trick dental office staff into revealing sensitive information, such as login credentials, financial information, or patient data. They can also contain malware or ransomware that can compromise the dental office's computer system.

Analyzing an email before replying or clicking is crucial to protect yourself from various online threats, including phishing, malware, spam, identity theft, financial fraud, and more.


Power of the Pause: Top 5 Questions to Ask Before Clicking

To help avoid falling victim to phishing emails, it's essential for dental offices to be vigilant and implement robust cybersecurity measures to protect patient data and prevent cyberattacks. Before clicking a link or opening an attachment, use the ‘power of the pause’ to ask yourself these 5 questions. If you answer ‘YES’ to any, be cautious and verify the email’s authenticity before acting!

 

 

An unexpected email could be phishing or could contain ‘malware’ (which is short for ‘malicious software’, such as viruses, ransomware, spyware, or adware). Malware can damage your systems or devices, steal your personal information, or compromise your online security. Some malware can also spread to other systems or devices on the same network or through email attachments. You should always have updated antivirus software on your systems and devices and avoid opening suspicious files or links from unknown sources. If the email is unexpected, it’s always safer to avoid interacting with it. If the email feels relevant, call the legitimate source to verify its authenticity.

An email address is one way to identify an email’s sender. If an email address is unfamiliar, it’s possible the sender is trying to hide their identity or isn’t who they claim to be. For example, a scammer may use a fake email address that looks legitimate—but with a slight spelling change or different domain name. Alternatively, a hacker may spoof an email address to make it appear as if it comes from a trusted source—such as your bank, employer, or friends. In both cases, the sender's goal is to trick you into believing the email is authentic and trustworthy, so you'll follow their instructions or requests. Instead of replying or clicking, use another method to contact your trusted source—such as phone, official website, or known email—to verify.

An email with a sense of urgency may pressure you into acting quickly—without pausing to think or verify the source. For example, an email may claim that your account has been hacked, your subscription is about to expire, or you’ve won a prize that requires immediate confirmation. These common tactics used by scammers are designed to make you panic—so you’ll click on malicious links and attachments or provide personal or financial information. You should always be cautious of emails that demand urgent action and check the sender's identity and the validity of the message before responding.

Always pause if an email asks you to act, as it may be a phishing attempt or a scam that’s trying to exploit your trust or emotions to pay money, donate to a fake charity, take part in a bogus survey, or claim a nonexistent reward. Both phishing and scams can harm you financially, damage your reputation, or compromise your online security. You should always verify the identity and legitimacy of the sender before taking any action, and never click on links or attachments that you aren't sure about. If ever in doubt, contact the organization or person directly using a different channel, such as phone or official website.

Hovering is a technique that can help you analyze an email by revealing the true destination of a link or an attachment. A link or an attachment is a clickable element in an email that can take you to another website, download a file, or open a document. However, some links or attachments may be disguised or spoofed to look legitimate but lead you to malicious sites or files.

For example, a link may appear to be from your bank but directs you to a fake site that asks for your login credentials. Or an attachment may seem to be an invoice but contains a virus that can infect your systems or devices. Hovering is a way to check the actual location of a link or an attachment without clicking on it.

To hover, you simply move your mouse cursor over the link or the attachment and wait for a few seconds. A small box will pop up and show you the URL or the file name of the link or the attachment. You can then compare this information with the text or the icon of the link or the attachment and see if they match. If they do not match, or if the URL or the file name looks suspicious, you should avoid clicking on the link or the attachment and delete the email or report it as a phishing attempt.

Deciphering a URL can be challenging, but don't worry - the internet is here to help! Utilize online resources like VirusTotal to assist you in determining whether a website is safe to visit. These tools can help you make informed decisions and avoid potential online threats.
