Phishing schemes, ransomware attacks and generative AI are three cyber and data security threats that dental practices and companies have to deal with in 2024.
Six industry leaders recently connected with Becker's to share what challenges dentistry is facing when it comes to cybersecurity.
Note: Responses were lightly edited for clarity and length.
Question: What are some data/cybersecurity threats that dental practices, DSOs and/or other dental companies have to deal with?
Dev Ashish. Chief Technology Officer of ClearChoice Management Services (Greenwood Village, Colo.): In many ways, DSOs and dental companies are not unique and face some of the same cybersecurity threats as regular healthcare and other industries. It is a well known fact that [protected health information] sells for a much higher amount than credit card numbers on the dark web, and that makes dental organizations a real target. Some of the common threats are: ransomware attacks, data breaches, phishing emails, malware, lost or stolen devices, insider threats, financial fraud, medical identity theft, reputational damage and compliance risks. In recent years, the definition of a breach has changed. Originally, it used to mean loss of information, but now it has evolved to "loss of control." So, if an organization experiences a ransomware attack, pays the ransom and gets its data back, that could still be deemed a breach, as PHI would have been held outside of their control for a period of time.
David Chei, DMD. CEO of Care 1st Dental Management (Carrollton, Texas): My office computer system was infected by a ransomware virus a few years ago. I had to pay a hefty ransom to gain access to my patient data. I still lost about six months of data containing radiographs.
Dan Mirsky. Senior Vice President and CIO of Sage Dental (Boca Raton, Fla.): I do have to say that the most prevalent attack vector we have seen on the rise again lately is still the phishing campaigns to employees from "the CEO." Attackers are starting to do their homework more than ever, utilizing LinkedIn and other social media platforms to gather targets and context to make these attacks more effective. We find that they will target multiple employees, and in some cases we've seen spouses of employees getting these messages on a Friday afternoon in most cases. This leads me to believe that they are not only utilizing social media platforms but also other sources to obtain the personal cell phones of these employees and their families.
Dion Perkins. Vice President of IT of Mortenson Dental Partners (Louisville, Ky.): Next gen threats including generative AI threats from voice and email phishing attempts are a big problem. Another worry is how to keep your legitimate business calls and texts off the carrier's AI hit list. All carriers are trying to protect their customers, but the rules of legitimacy are not known. Your DSO can now show up as a "likely scam" call because of some unknown limit you have reached. Once you are on the lists it is difficult to get off, and your team will spend more and more time calling and leaving messages that may or may not ever be heard.
Steven Price. President and CEO of Tech Rockstars (Monrovia, Calif.): In today's technologically driven world, dental practices and DSOs face a myriad of data and cybersecurity threats that can compromise their operations and patient trust, ranging from sophisticated ransomware attacks to more subtle but equally dangerous phishing scams. The challenge is exacerbated by the fact that many dental practices, particularly smaller ones or those that have recently been part of mergers or acquisitions, may not prioritize cybersecurity. One of the most significant vulnerabilities arises from within: the human element. Staff members who lack training in cybersecurity best practices can unwittingly become the weakest link, opening doors to cyberattacks through innocent actions. With dental practices increasingly relying on digital systems for everything from scheduling appointments to storing X-rays and treatment plans, the risk of a data breach has never been higher. The cost of cybersecurity can be a deterrent for many practices, leading to a dangerous cost-cutting approach where security measures are seen as an optional extra rather than a necessity.
Daniel Romary. Chief Information and Analytics Officer of North American Dental Group (Pittsburgh): In recent months, we have seen a drastic increase in cyberattacks across all industries. In dental specifically, we are seeing a rise in ransomware attacks, data breaches and phishing and "SMS" attacks.