Cybersecurity in the Dental Healthcare Sector: The Need of Knowledge for Small Practitioners
Technology has enhanced so many aspects of the dental practice, from digital charting to digital insurance claims, it saves time and makes things run smoothly. Unfortunately, that same technology can cause some very concerning cybersecurity risks. Proper maintenance of these systems is imperative to protect the patient’s privacy, and the practitioner’s wallet as some breaches can be quite costly. Statistics show an ever-increasing risk of cybersecurity breaches. A systematic review published this year in the journal Issues in Information Systems looked to identify specific cybersecurity literature for dental offices as small practitioners and present the need to expand the amount of this particular type of literature for these practitioners.1
The authors state they have observed the increase in the new technology equipment created for the dental community. They believe it is important for dentists to know how to protect themselves and their practices from cyber-attacks such as ransomware. The need to implement cybersecurity tools to protect the privacy, integrity, and confidentiality of the electronic protected health information (ePHI) is becoming more evident as there are increasing reports of such cyber-attacks on small practices.
Healthcare practitioners, including dentists, must comply with federal regulations to protect patient’s information. Violations of these regulations can result in fines ranging from $100 to $50,000. Additional concerns regardindeng email, MSM messages, and instant messaging were discussed, as the use of these communication options is increasingly being used to contact patients for various reasons. According to HIPAA Journal (2020), major instant messaging services are not encrypted and do not provide a recall option. If practitioners choose to use this technology, they cannot share any ePHI in the messages.
HIPAA Journal (2020) also highlighted a dental practitioner case that used YELP→ to respond to a patient’s comment, in their response, they revealed confidential information. The practitioner was fined due to a violation of HIPAA regulations. This includes social media of all types. Social media is not a place to discuss any patient’s case.
The authors’ recommendations to better protect against cyber-attacks include having employees routinely change their passwords, use two-factor authenticity, integrate a plan of recurrent updates, and frequent user training and awareness to review the practices and new trends. Additionally, the Health Industry Cybersecurity Practices recommends establishing a data backup, corresponding test, and the secure process recommended by the data backup software.
In conclusion, the authors state, “Cybersecurity in healthcare is enormous and there is a different tendency to approach the topic in a general manner. Specific literature for small practitioners will collaborate our findings, this systematic literature review confirms the necessity to expand the amount of academic literature of practitioners. Studies confirm that education aids in less cyber threats.”
Have you experienced a cyber-attack at your office? Does your office do routine training on the best methods to protect against cyberattacks? Have you shared cases on social media? If so, were you aware it can be considered a HIPAA violation?
Eliel Melon, Wilnelia Hernandez. Cybersecurity in the Dental Healthcare Sector: The Need of Knowledge for Small Practitioners. Issues in Information Systems. 2020. 21(1):118-124.