Donna Hall asks Tracy Pound about the risk of cybercrime and what dentists can do to protect their data…
The threat of cybercrime is very real – a third of
businesses reported cyber-attacks in the past 12 months*. Of those, almost a
half reported at least one breach or attack a month.
It can be tempting to think that only big companies or
organisations are at risk of such crimes, for example the global Wannacry
attack, which affected the NHS, Renault and FedEx in 2017. However, while these
may be the ones widely reported in the media, it is not always on such a large
scale or aimed at these kinds of businesses.
As dental practices hold a lot of personal information,
they can be a very attractive target for cybercriminals. To find out more and
ask for advice on how to mitigate the risk, I spoke to technology expert Tracy
Donna Hall (DH): Are smaller businesses, such as dental practices, less likely to face cybercrime?
Pound (TP): No, cybercriminals will look for the route of
least resistance. Just like if you have an alarm at home, criminals will be
deterred from trying to break in, the same goes for cybercrime. If you have no
defence then they will attack and because you are small, they know that you are
less likely to have invested in cyber security measures so you’re a good target
Small businesses often don’t think of themselves as a
target because they think they have nothing worth stealing. But they do –
intellectual property, names and addresses, they might hold bank details for
customers or patients, and they might have historical information that
cybercriminals can use to impersonate them online.
DH: What can practices do to protect their patients’ data?
with your team to identify what data you have, where it is stored, who has
access to it and the risk of it being breached.
Put a cyber security strategy in place that answers the
following kinds of questions:
- What data do we hold?
- How could our data be breached and what would
the consequences be?
- What information is available on our website?
- How are our electronic patient records secured
– who has access and why?
- Are those records backed up, and who has access
to the back-ups?
- How are our paper patient records stored? Could
someone break in and steal them to create online personas and commit cybercrime
DH: How critical is bringing in the whole team?
have to involve everyone. Cyber security is not a technical issue per se, it’s
a human issue so it needs human beings to solve it – and that means all of your
Educating your staff is key when it comes to protecting
your practice. Your weakest link will let the cybercriminals in and that may
well be human error. Some of the very big hacks on large companies have
actually been done via smaller sub-contractors.
DH: What can you do to stop a data breach?
relationship you have with your IT company becomes ever more critical and they
should be recommending some basic control measures. For example, installing
anti-virus and anti-malware software on every machine and developing a Bring
Your Own Device strategy.
If someone is using a mobile phone which has access to the
practice’s emails, they need to be careful about what they are doing with that
device at home, but particularly in public places.
One of the big danger points is WiFi in public places, such
as cafés because anyone can pretend to be any WiFi network. I could set up a WiFi
hotspot on my phone and call it Costa Coffee and then other people in there can
use that network and I can then see all their traffic.
DH: Very interesting. Thanks for such an informative discussion, and plenty of things to think about how to stay safe.
*According to the Government’s Cyber Security Breaches Survey 2019
Get all blogs delivered to your inbox
The security of your personal data is very important to us and we will never sell your data to other companies. You can read more about how we protect your information and your rights by reading our privacy notice.