Avoiding Malware in Your Dental Practice: 10 Best Practices to Defend Your Data
Like most small business owners, you must protect your dental practice's computer systems, and in particular your patients' data, from viruses and malware. Following the best practices in this ebook can reduce the risk of malicious software ruining your data, your reputation and your practice.

How Does Your System Get Infected?

Hackers may send unsolicited email with embedded malware links or attachments that contain viruses. Opening suspicious emails and clicking on links or attachments can infect your computer network. Someone on your team may accidentally click on an Internet advertisement that downloads malware in the background. A memory stick with an embedded virus can infect your system when someone plugs it into a USB port.

Data thieves and hackers create hundreds of new ways to infect your system each month. To help you foil the fraudsters and protect your practice, here are ten defensive strategies you can use.

Strategy 1: Keep Your Business Email Address Private

Yes, you can share your business email address with patients, partners and colleagues. Just don't use it on public websites. Spammers first need to know your email address in order to send you malicious emails.

It's best not to use your business email address to order services, enter contests, sign petitions and so forth. Only use it on websites you know and trust. Unfortunately, even legitimate websites will share your email address with third parties. If the option is available, opt out of "email advertisements" and "special offers from our partners" when you sign up for something on a website. The more you can reduce exposing your business email address, the safer your practice will be.

On your practice's website, use a secure comment form that requires human verification, such as a CAPTCHA code. Your email address can be extracted from public websites by harvesting bots, software that gathers lists of email addresses for sending junk email and spreading malware. Make sure your business email address doesn't automatically show up with your signature on web forums or as a link in online guest books. Never use your business email address to sign up for contests, discounts, promotions or other online marketing schemes.

Ransomware Nightmare

Ransomware, a type of malware that infects and disables computers and demands payment from victims to restore data access, is a growing threat to dental practices.

Ransomware recently infected a California dental practice, encrypting its electronic patient information, scheduling software and digital X-rays. The hackers demanded $500 to restore the files. The dentist's cloud backup and hard-drive backup were also encrypted, essentially closing the practice for several days. To fix the problem, the dental practice had to install a new server.

Security experts advise victims not to pay the ransom because:
• It can make you a target for more malware.
• It perpetuates the threat by funding cybercriminals.
• It doesn't guarantee your encrypted files will be released.

Source: http://www.cda.org/newsevents/Details/tabid/146/ArticleID/2917/Actions-to-Help-Avoid-Ransomware-Nightmare.aspx

Strategy 2: Use a Filter for Junk Email

If you host your own Microsoft Exchange server, implement a junk mail filter or spam firewall service such as Barracuda. This type of service helps reduce junk emails in your inbox. Without a junk email filter, your Exchange email is vulnerable to being flooded by spambots.

If you use web-based email for your dental practice, make sure to use a reputable service such as Outlook.com or Gmail. These email services have built-in security measures to help prevent unsolicited email and viruses.

Consider removing an email account that receives excessive junk mail and creating a more private email address for your practice. Starting over with a new email address may require updating your business cards and marketing materials, but it's worth the security it adds to your practice.

Strategy 3: Delete (Don't Open) Suspicious Email

When checking your email, don't click on unfamiliar or suspicious emails or attachments. Instead, immediately delete them. Some suspicious emails can add your email address to a list or even install malware or a virus when opened.

Before opening an email attachment, verify that you recognize the sender, the name of the attachment, and the body of the email. If anything seems out of place, do not open the attachment. Be careful with unsubscribe links in your email. Although many unsubscribe links are legitimate, some contain links to malware.

Tips from TDIC

The Dentists Insurance Company (TDIC) recommends these tips to keep malware from infecting your dental office:
• Always run an up-to-date antivirus program.
• Add malware detection software to your system.
• Keep software and browser-related components updated.
• Turn on computer firewalls on all devices.
• Be wary of email attachments, even if they appear to be from someone you know.
• Regularly back up your data. Store backups in a separate location.
• Download software only from websites you can trust.
• Limit user privileges on your system through user account controls.
• Alert your team of ransomware risks.

Source: http://www.cda.org/newsevents/Details/tabid/146/ArticleID/2917/Actions-to-Help-Avoid-Ransomware-Nightmare.aspx
Strategy 4: Encrypt Your Email Messages

Before sending an email to a patient or business partner, especially if the message or attachments include protected healthcare data, encrypt the email so it can't be read or captured by a hacker in transit.

RecordLinc Secure-Mail is an encrypted email and marketing portal exclusively for dental professionals. It allows you to easily send secure messages to other dentists, labs and patients. Discuss other email encryption solutions with your IT provider to keep you and your business partners in compliance with healthcare regulations.

Strategy 5: Restrict Email Use on Practice Computers

Limit email use on your practice's computers and networked devices to official dental business only. Use secure email methods with proper filters and antivirus protection.

Many small businesses get virus infections from personal email use by employees. Dental practices are no exception. Only employees who are trained in email security protocols should use your practice's email system. Personal email should be done on personal devices.

Strategy 6: Minimize Web Browsing

Minimize the number of employees allowed to browse the web on your practice's computers. These employees should use the web for business purposes and visit legitimate websites only. The more restrictions on web browsing, the safer your network will be.

Web filtering services can prevent employees from visiting potentially dangerous sites. These services can also provide a regular report showing web use in your practice.

Social media sites are one of the leading sources of malware infection. Therefore, personal web browsing by employees should not be allowed on practice computers. Make it a policy that employees must use their own devices for personal web browsing.

Tips for Your Team

Help your team avoid the tricks and traps hackers use to infect computers with malware. Review these tips with them:
• Never open email from someone you don't know or from anyone who isn't in your patient database.
• If you open an email from someone you know, never open/download any attachments or click on any links without talking to the sender first.
• Stay away from social media sites as much as possible. If you must post something for marketing purposes, never click on ads in social media sites.
• If a warning message pops up that says something like, "Your computer has a virus. Click here to remove," never click on the link.
• Create strong passwords at least eight characters long, including upper- and lowercase letters, numerals, punctuation marks and symbols. Never use your name, birthdate, pet's name or address.
• Keep your passwords secret. Never share your passwords with friends or colleagues.

Source: www.microsoft.com/security/
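The email tips above (delete mail from unknown senders; confirm with a known sender before opening attachments or links) can be expressed as a small triage routine. This is an added example, not part of the original ebook; the contact list, addresses and function names are hypothetical.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Hypothetical contact list; in a practice it would be exported from the patient database.
KNOWN_CONTACTS = {"lab@example-lab.test", "pat.jones@example.test"}
LINK_RE = re.compile(r"https?://\S+", re.IGNORECASE)

def triage(raw_message, known=KNOWN_CONTACTS):
    """Apply the tips above to one raw message; return (action, reasons)."""
    msg = message_from_string(raw_message, policy=policy.default)
    # parseaddr returns the address itself, so a display name that merely
    # imitates a known contact does not pass the check.
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if sender not in known:
        return "delete", [f"sender {sender or '(none)'} is not a known contact"]
    reasons = []
    names = [part.get_filename() or "(unnamed)" for part in msg.iter_attachments()]
    if names:
        reasons.append("attachments: " + ", ".join(names))
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is not None and LINK_RE.search(body.get_content()):
        reasons.append("message body contains links")
    # A From address can be forged, so a known sender with attachments or links
    # still needs the out-of-band confirmation the tips call for.
    return ("confirm-with-sender", reasons) if reasons else ("read", [])

def build_sample(sender, body, attachment_name=None):
    """Build a constructed sample message (test data, not real mail)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "frontdesk@example-practice.test", "Sample"
    m.set_content(body)
    if attachment_name:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=attachment_name)
    return m.as_string()

if __name__ == "__main__":
    for raw in (build_sample("Promo <promo@unknown.test>", "Claim your prize"),
                build_sample("Lab <lab@example-lab.test>", "Photos attached.", "photos.zip"),
                build_sample("pat.jones@example.test", "Can I move my appointment?")):
        print(triage(raw))
```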
Strategy 7: Keep Personal Devices Off Your Network

Unless you have a secure firewall in place with a guest network that's separate from your practice's network, do not allow personal devices (including anything that plugs into a USB port) to connect or upload data to your business network.

Strategy 8: Run Software Updates Regularly

Run Windows security updates on a regular basis. You can schedule them to run after hours so they won't disrupt your productivity. Once updates are installed, test your network, connected devices and your database to make sure they are in working condition before the next business day.

Windows updates can't protect against all possible attacks, but they can help to make your systems more secure. Update your web browsers, media players and other frequently-used software as well. Consider outsourcing your IT maintenance to keep your systems safe and up-to-date.

Strategy 9: Install Antivirus Software on All Systems

All workstations and servers in your practice should have the latest antivirus software installed. Keep this software active and up-to-date. Most antivirus programs automatically check for updates and allow you to schedule regular scans for infection. While antivirus software can't protect against all possible attacks, it can keep your network safer by blocking viruses and malware.

Strategy 10: Back Up Your Practice Data Frequently

Each backup should be on separate, secure and encrypted media. You should have multiple backups for multiple restore dates. For example, one backup from yesterday, another backup from two days ago, another backup from three days ago, and a fourth backup from two weeks ago.

Multiple backups on multiple media become critical if you later need to restore your data from a backup. Be sure that your backup media is secure. For example, some USB hard drives have built-in encryption and password protection. By setting a password on the drive, you can help keep your data secure.

Dentrix ebackup is a reliable and secure solution for ensuring the safety of your patient data. The automated process backs up the files you want protected, at a convenient time, to a secure remote location.

Malware Symptoms

The sooner you can detect and remove malware from your system, the safer your dental practice will be. The following symptoms may indicate a malware infection. Contact your IT provider immediately if you notice any of these conditions:
• Malware detection software will not run.
• Antivirus software is disabled.
• Browser home page has changed.
• Computer settings have changed.
• Desktop wallpaper has changed.
• Fake antivirus programs appear.
• Firewall is disabled.
• Files or programs are missing.
• Pop-up windows or warning messages appear for no reason.
• Programs you don't remember installing appear on your computer.
• Websites get redirected.
• Task manager is disabled.

Source: http://library.uchc.edu/departm/cec/laptop/lapsafe.html

Why Not Get Professional Help?

Protecting your dental practice from computer viruses and malware can be complicated and time-consuming. Henry Schein TechCentral can help. Their trained field technicians and certified technical support staff specialize in technology for dental and medical practices. TechCentral offers consulting services, maintenance and support programs to keep your critical business systems running.

Local IT firms can solve isolated problems and offer limited general services, but they simply can't match TechCentral's comprehensive technology and dental industry expertise. To learn more about TechCentral support and maintenance options, call 877.483.0382, option 1, or visit www.henryscheintechcentral.com.
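Strategy 10's restore-point schedule (yesterday, two days ago, three days ago and two weeks ago, each on separate, encrypted media) can be checked against a backup inventory. This is an added example, not part of the original ebook; the inventory format and media labels are hypothetical, and "two weeks ago" is assumed to mean exactly 14 days.

```python
from datetime import date, timedelta

# Restore points named in Strategy 10, as days before today (14 = "two weeks ago").
REQUIRED_AGES = (1, 2, 3, 14)

def check_restore_points(backups, today, required=REQUIRED_AGES):
    """backups: list of (backup_date, media_label, encrypted) tuples.

    Returns a list of problems; an empty list means every required restore
    point exists on its own encrypted media.
    """
    by_age = {}
    for when, media, encrypted in backups:
        by_age.setdefault((today - when).days, []).append((media, encrypted))

    problems, used_media = [], set()
    for age in required:
        copies = by_age.get(age, [])
        if not copies:
            problems.append(f"no backup from {age} day(s) ago")
            continue
        encrypted_media = [media for media, enc in copies if enc]
        if not encrypted_media:
            problems.append(f"backup from {age} day(s) ago is not encrypted")
            continue
        # "Separate media": one infected or failed drive must not take out
        # more than one restore point.
        fresh = [media for media in encrypted_media if media not in used_media]
        if not fresh:
            problems.append(f"backup from {age} day(s) ago reuses media {encrypted_media[0]}")
            continue
        used_media.add(fresh[0])
    return problems

if __name__ == "__main__":
    today = date(2015, 6, 15)  # constructed sample date
    # Constructed inventory: two restore points share one drive, one is missing,
    # and the oldest copy is unencrypted.
    inventory = [
        (today - timedelta(days=1), "usb-A", True),
        (today - timedelta(days=2), "usb-A", True),
        (today - timedelta(days=14), "usb-B", False),
    ]
    for problem in check_restore_points(inventory, today):
        print(problem)
```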
SECURITY RISK ASSESSMENTS
2015 Henry Schein TechCentral.