The Big Brush Blog | Treloar & Heisel Insurance Products for Dental Professionals

What is Ransomware and Why It's Important

Written by Amy Carbone | Jan 24, 2020 2:00:00 PM

You may have heard about ransomware when evaluating software for your dental practice. It can be beneficial to your data security to understand what it is and why you should pay attention to it. Here's some of what you should know.

What is Ransomware?

Ransomware is a kind of malware, or malicious software, that is designed to hold a computer or data "hostage" until the "ransom" is paid. In practice, this often means being denied access to the system or to specific data until the user removes the malware. Often, systems are not restored or data returned even if the user pays the "ransom." Ransomware is most often downloaded accidentally by unknowingly visiting a suspicious website or via phishing emails.

Why is Ransomware a Threat to Dental Practices?

Ransomware is truly a threat to any company using the internet to do business. However, practices that keep patient insurance and payment information on file could be at a higher risk for ransomware attacks than other types of businesses. This includes dental practices; hackers often steal financial data or insurance information to commit fraud, or to sell on the dark web for others to use for fraudulent purposes.

A staggering 400 dental practices were the target of a ransomware attack in August 2019. The arduous task of restoring lost data after an attack can take months or more, leaving dentists without records, imaging, patient schedules, insurance information, or payment ledgers. Essentially, a dentist becomes completely immobilized and unable to treat patients until computer access and data are restored.

5 Practices for Dentists to Protect Against Ransomware

Dentists and practice managers can help protect against the threat of ransomware by:

1. Configuring Practice Firewalls

Your firewall is essentially the gate between your practice and the internet; it's critical that it be properly configured to keep malicious or unrecognized IP addresses from accessing your network.

2. Backing Up Patient Data on a Regular Basis

If ransomware steals your data, it can be difficult to get it back. Your dental practice should be backing up your records on a daily basis, if not frequently throughout the day. For your practice to recover quickly after a ransomware attack, you need to be able to restore patient records and other critical data as quickly as possible. You'll revert to the last copy of saved data, but if it was captured three months ago, data from patient appointments over the last several weeks will likely be lost.

3. Training Employees on How to Handle Suspicious Emails and Safely Browse the Web

Since most ransomware comes through malicious emails and websites, it's important to train your staff on how to safely browse the internet and what to do with suspicious emails. All employees, including your hygienists, dental associates, dental assistants, and administrative staff, should be adequately informed on how to respond to potential threats online. Ask your IT company to help you hold a working lunch or training seminar that educates your staff on how to identify and mitigate risks.

4. Keeping Dental Practice Management Software Updated

It's also critical to keep dental practice management software as current as possible. Often, outdated systems and computer applications are the targets of ransomware attacks. Make sure you always have the latest version of whatever brand of practice management software you use. If the company that makes your software doesn't offer an update after a couple of years, consider switching to a more current program.

5. Employing Formidable Spam Filters

Spam email is arguably the most significant risk to dental practices in regard to the threat of ransomware. Opt for strong spam filters that do a good job of identifying spam emails and filtering them out of the inbox so they're not accidentally opened. Most email providers offer some type of spam filter, but you may want to consider asking your IT provider for a dedicated spam filtering program. If you're working with an IT company that has experience providing service to dental practices, they should be able to help you learn about available options and make an informed decision that fits the needs of your practice.

Unprepared for a Ransomware Attack? The Fallout Could Cost You Your Practice

If your practice isn't prepared for a ransomware attack, the consequences could be dire. Every minute that your computer system is down or your patient data is inaccessible, your practice is losing money. If you're unable to retrieve the data, the cost could be even higher. 

Backing up your computers every hour instead of every day may seem like overkill, but even just a few hours' difference could be enough to save your practice thousands.

Dental Economics reports that the average general practice brings in $771,000 per year. This breaks down to $64,250 per month, roughly $2,141 per day, and approximately $267 per hour. If your practice suffers a ransomware attack and you are unable to restore your systems for six hours, you've lost about $1,602. If you can get back up and running in just an hour, your cost will be drastically reduced.

Creating a plan to protect against and handle ransomware attacks is critical for your dental practice. Consult your data breach insurance advisor and IT service providers about a multi-pronged approach to data security in your practice.

Treloar & Heisel, LLC. and its divisions do not offer legal or information technology advice. Please consult a professional concerning these topics.