Have you ever considered how vulnerable your practice might be to a cyberattack? In this episode, Reuben and I delve into the alarming issue of cybersecurity threats targeting the dental industry. With recent warnings from the FBI about credible threats, it's clear that dental practices need to take cybersecurity seriously. We explore the potential consequences of these threats, the crucial need for comprehensive security awareness training for staff members, and essential steps to prevent email-based attacks.
The conversation goes in-depth into why using Microsoft 365 for enhanced email security is a game-changer for dental offices. Reuben also discuss the importance of working with IT experts to set up robust cybersecurity measures. Whether you're a dental professional or someone concerned about the security of sensitive patient information, this episode offers loads of practical advice. Don't miss out on this vital information that could protect your practice from devastating cyber attacks.
What You'll Learn in This Episode:
Take action today to secure your dental practice's email communications and protect sensitive patient information!
Sponsors:
For DSO integrations, startup solutions, and all your dental IT needs, let our sponsors, Darkhorse Tech, help out so you can focus on providing the amazing care that you do. For 1 month of FREE service, visit their link today! https://thedentalmarketer.lpages.co/darkhorse-deal/
You can reach out to Reuben Kamp here:
Website: https://www.darkhorsetech.com/
Email: sales@darkhorsetech.com
Phone: 800-868-4504
Facebook: https://www.facebook.com/DarkhorseTech
Mentions and Links:
Businesses/Services:
Organizations:
Software/Tools:
People:
If you want your questions answered on Monday Morning Episodes, ask me on these platforms:
My Newsletter: https://thedentalmarketer.lpages.co/newsletter/
The Dental Marketer Society Facebook Group: https://www.facebook.com/groups/2031814726927041
Michael: Hey, Ruben. So talk to us. What's happening right now for this Monday morning episode, we're going to be talking about something specific when it comes to security, Michael: What's going on?
Reuben: Emergency pod. First of all, emergency pod, Michael. Michael: All Reuben: right. You know, those, uh, Reuben: those sirens Instagram are overused, but in this case it Reuben: does apply. FBI warns of credible cybersecurity threats of the dental industry. that's why we're talking today. Michael: Okay. So what's happening. This happened. One of the articles we're looking at is on may 8th, so Michael: like not less than a week ago, less than a week, a couple of days ago, something's going on specifically with this cyber security threat. To all Michael: dental practices everywhere in the nation or Reuben: yeah, so it is morphed into that over the last few days. So basically, uh, the FBI was monitoring, uh, a hacking group,
Reuben: connected to change healthcare, connected to United Healthcare, connected to Henry Schein, connected to Aspen. You know, all these groups have obviously made the Reuben: headlines in the last uh, year or so uh, change healthcare, obviously being uh, most recent, Reuben: they were actually investigating a threat because they were attacking the plastics. Surgery market. And Reuben: then they shifted their focus to Reuben: oral surgery. And that's kind of, that was the, the Reuben: splashy update from last week, right? Reuben: May 6th, May 8th. And now the FBI uh, FBI is Reuben: basically saying general dentistry is now being targeted as well. So, Reuben: See, it went from outside the dental industry to a dental, you know, specialty. And now to the majority of dental practices out there are you Uh, actively being targeted.
Michael: So then a couple of things, I mean, we Michael: obviously want to know what to look out for, but what's the consequences here? Michael: If let's just say. We did end up accidentally doing something that we weren't supposed to do, like Michael: opening up an email or clicking specific Michael: link, you know, stuff we don't really know.
Reuben: Yeah. Let's all the way to the end is you're bankrupting of practice, right? We Reuben: go back one step that is, you know, uh, the Reuben: overwhelming majority of practices that suffer a cybersecurity attack go out of business. All right. So we're starting at the end, we're working backwards. So that, that means. you, Or if you are a doctor or a staff member, you
Reuben: clicked on a staff member, clicked on it. an email, a link that downloaded a payload to your office, right? Ransomware is, is most of what we're talking about here. Reuben: And that ransomware, let's say you're running Dentrix or Eagle software, open dental, one of these, uh, you know, server based practice management Reuben: softwares, that ransomware was able to embed itself into your practice management software, right? Patient health information, Reuben: uh, x rays, uh, social security numbers, medical history. You know, all the stuff that we call protected health information or EPHI electronic protected health and Reuben: they get that data and they exfiltrate it or take it out of the office, that is a Reuben: breach, which then feeds me into most practices that go through a breach, go out of business, and then you're, you're no longer an owner of a practice, you're an associated at another practice. I guess that is actually the last step. And that Reuben: is why this is so important is because Reuben: it's so darn easy to protect yourself from this Reuben: happening. But only 6 percent of the dental offices out there are HIPAA compliant. So hackers go, wow, we have a 94 percent Reuben: chance of getting into this office. Thank God. But, and that's why, Reuben: Honestly, it's like Dennis and the, the only really industry Reuben: less compliant the dentistry, Reuben: you guys can make fun of them is chiropractors. Reuben: So, Hey, those are the industries that, that are go after because of the lowest hanging fruit. if you Reuben: have dogs at your house, and Michael, you know, Reuben: I have, you know, 10, 000 dogs that live with me, Reuben: a robber does not want to come rob my house, because they're going to be attacked by a bunch of dogs. they want to attack the house. That the owners are on vacation, there's no animals, it's dark, you know, they Reuben: are opportunistic just like any other profession. So Reuben: that is why they're going after the dental industry specifically.
Michael: Gotcha. Something you mentioned, man, where you said staff members click on it. I think the most common Michael: thing. I mean, one of the practices I worked at the actual doctor clicked on it and Michael: ended up paying. But like with, when it comes to the staff members. Do they need to receive specific training for this? Or
Reuben: yeah, we call it security awareness training or SAT for short. Uh, not to be confused with the test Reuben: that is, it is coming back now. turns out it's a great predictor. If you're going to be okay at college, Reuben: um, I digress. So basically security awareness training trains your staff. who, You Reuben: know, you got to give to them. They're Reuben: busy. They're your phone calls. There's patients in front of them. They're scheduling, their billing, they're checking people out. There's Reuben: a lot going on. So you kind of have to, you know, if they do have an email come through Reuben: and it looks like it's from UPS, or it looks like it's, you know, from a Reuben: credible source and they don't, they don't have their guard up and they click Reuben: on it. It's Reuben: really hard to come down Reuben: on that person right? Reuben: You're expecting a lot out of them. And, and, and also, you know, be, have your, you know, your hat on your cyber Reuben: hat on and be vigilant at all times for through. So it's really important that you set up like. Let's not do a free Gmail account, right? That Reuben: has no security protection. Reuben: It's really important that you have an email system. I recommend Microsoft Reuben: 365 for all businesses that will stop those emails from coming in to begin with, because it never made it through Reuben: the spam filter. Right. Uh, the phishing filter. Reuben: So what's it worth that your staff. Doesn't even have to see that email that's worth a lot, right? Reuben: And then secondarily, let's say it is something that's more sophisticated, right? AI is obviously Reuben: playing a huge role in these emerging threats because it's no longer, you know, Prince of Nigeria Reuben: asking you for money who doesn't speak good English. It's like a perfectly crafted Reuben: email that's written by, uh, Beauty. so what security awareness training does is it, uh, it's a campaign. So like, if Reuben: I set this up, I'll randomly send out emails to your employees, right? If they click on a message that they Reuben: shouldn't have. have. Reuben: They are forced Reuben: down the training loop of, okay, Reuben: you have to go to school to realize like, what does a real email looks like? You know, is this Reuben: an external sender? Is it an internal sender? So it Reuben: really, it's just another, uh, training element, but you know, we're in the prevention business, right? I don't, I don't want Reuben: to clean stuff up. I want to play default. I want to block stuff from happening. And Reuben: of course the client wants that too.
Michael: Gotcha. Okay. So then right now, what steps can we do or what to look out for? What can we look out for? What steps can we do when it comes to preventing this threat that's happening today? Absolutely. And
Reuben: I'm going to focus on email because that is, the Reuben: FBI is, the warning is specifically tied to email. It's the easy, again, we talked about ease of Reuben: access is the easiest way to get into a Reuben: business is to send someone email. I can Reuben: send Bill Gates an email right now. Right. It Reuben: It doesn't matter. I have his email. I get sent to him. and so there's hundreds, thousands of practices out there that use Reuben: friendly smiles at gmail. com. So the Reuben: to action is sign up for a Microsoft account. It's Reuben: going to do two things. One, uh, it's going to give you that increased protection we talked about. Reuben: Two, It's more professional, right? It's more professional to receive an email, not from friendly smiles at gmail. com, Reuben: but office at friendly smiles. com, right? You're using your domain name. Reuben: tied to your website. It's professional. Maybe you have a signature. It just gives your, the people you're communicating with Reuben: patients, staff labs. an air that, you know, you are a professional Reuben: business. So, it Reuben: just have to be for cybersecurity. It can be to kind of raise your professionalism as Reuben: a business. Gotcha. So get that first. Microsoft three, six, five. Reuben: Microsoft 365. It's a, it's a suite of products, right? We use Microsoft 365 Reuben: for open dental cloud hosting, but we also use Microsoft 365 for email for Microsoft teams, for one drive. So Reuben: there's a lot to it, but we're really specifically talking about, email or some people refer to as outlook, which Reuben: is a specific email product that Microsoft offers. Okay.
Michael: Okay. So we do that next steps. Would that be the only step or that's it?
Reuben: We're only going to focus on. Protecting yourself from the credible threat Reuben: the FBI, we can have a hour long about all the other stuff you need to do, but please, the takeaway from this is really bolster your email security.
Michael: Gotcha. Okay. So get that So if we have it already, we don't got to worry about Reuben: IT company check it your it company, check it out, Ask them a question. Hey, am I doing Reuben: I need to do? If you don't have an it company, I run one. I Reuben: can help you out, but there's a lot of companies out there. So, either, you know, if you have an incumbent IT company, just reach Reuben: out to them, say, Hey, Can you guys get me set up with this? Or hey, I'm running this. Is there anything better we can do? Cause Reuben: there are some nuances there that are a little technical, but you know, you as the, uh, you as the client really shouldn't really have to worry about setting that up. Gotcha.
Michael: Awesome, man. Any other pieces of advice you wanted to mention in this episode?
Reuben: The FBI got involved, so they don't just like, Reuben: uh, creep into the dental industry, Reuben: uh, just cause they get bored. Reuben: So this is, it's a credible threat and just, it's a great reminder to just do the, Reuben: honestly, I'm just asking you guys to do the bare minimum here. Reuben: it's just sign up for secure email, which is also a HIPAA Reuben: compliance requirement, just. Just for the record. Yeah.
Michael: Is that the only option? Microsoft Office Michael: 365? Or we can go with another one?
Reuben: I mean, G Suite is also an option. So there is free Gmail right at gmail. com. And G Suite is Google's business version. And Reuben: that, that does have a much higher level of security than the free Gmail. You Reuben: do have to add, uh, an encryption element to it to make it HIPAA compliant, but I Reuben: just bring up Microsoft 365 because it is the lowest expense, easiest way to do this. Oh, lowest expense. how
Michael: much is it? Reuben: Four bucks an email. Man. Yeah. So it's Michael: pretty easy. It's Reuben: cheaper than G suite. Yeah. It's, it's just, and then you don't have to worry about the whole. Encryption piece, uh, like you do with G suite. So
Reuben: that's why I mentioned Microsoft 365 and also most it companies have a relationship with Microsoft and they can set this up for you. Gotcha.
Michael: Awesome. Ruben, thank you so much for this. We appreciate it. Anybody listening go take action right now. Michael: And if anyone has further questions, where can they reach out to you?
Reuben: Hey, sales at dark horse tech. com. I'm all over Facebook. You can bother me Reuben: on there or 800 868 4504 be happy to help anybody out. Thanks Awesome. Michael: that's going to be in the show notes below and Ruben, thank you for being with me on this Monday morning episode. Reuben: Thanks Michael.