Recent data breaches targeting dental practices and patient databases once again show the many cybersecurity challenges facing the healthcare system. While the latest headlines demonstrate the security cracks that dental providers face in safeguarding patient personal information, it also serves as another reminder that the entire system remains a constant target.
From large corporate clinics to independent chiropractors and other small-scale health practitioners, cybercriminals make no distinction. If your practice does not yet have effective cybersecurity measures in place, let the examples below highlight just how essential pre-data breach planning and response services have become for you practice.
American Dental Association Attacked
A cyberattack last month crippled the American Dental Association (ADA) and poses ongoing issues for the association and its 175,000 members. While not technically a dental provider, the ADA is well known in the industry for extensive trainings and other education material it provides. The credibility of the ADA makes it a respected name, with an official seal stamping many favourite consumer oral hygiene products.
When the cyberattack first appeared, it shut down the ADA website and other online services, effectively halting day-to-day operations in their tracks. The ADA first reported that they “fell victim to a cybersecurity incident that caused a disruption to certain systems” in an attempt to downplay any compromised information affecting its many members. After word of the attack got out, a ransomware gang called Black Basta claimed responsibility and informed the digital world that they had already leaked a large amount of stolen data.
Much of the leaked member data involved in this case includes the information of dentists rather than patients. But this poses serious potential problems for smaller dental practices that don’t have security measures in place or dedicated personnel to deal with such issues. All ADA members should be aware of the situation and be on heightened alert for any potential attacks or phishing attempts to obtain more data from the gang or any other threat actors to whom they may have sold the stolen information.
Smile Brands Breach 10X’s Data Theft Numbers
In another dental industry event, Smile Brands recently updated the number of affected victims impacted by a data breach in September 2021. When first reported, Smile Brands stated that a ransomware attack earlier in 2021 allowed threat actors to gain access to personal data, including names, Social Security numbers, and personal health information. The brand initially stated that the breach affected just under 200,000 people. But in the update, Smile Brand now claims that over 2.5 million individuals were affected.
That drastic increase in numbers reflects either an attack that turned out to be far worse than first discovered or an initial attempt to downplay the situation to limit negative press and save face. Either way, it’s not a good look for Smile Brands. They have since notified all affected parties and claim to be involved with an ongoing investigation. With those latest numbers, this ends up as one of the larger healthcare-related data breaches of 2021.
Health Business Goes Belly Up After Cyberattack
Another recent cyberattack shows just how quickly an affected business can go from full of potential to belly up due to a data theft event. Salusive Health, the developer of the myNurse platform, experienced a cyberattack back in March. Immediate action was taken, and an investigation revealed that attackers gained access to health patients’ personal information, including names, addresses, medical history, and health insurance information, among other data.
The attack was reported to the FBI, and Salusive also sent a breach notification letter to affected individuals. But an interesting addition to the notification letter included a notice that the company will end all clinical operations of the business by May 31, 2022. They claim that this news is unrelated to the data breach, but the timing sure makes it seem like the attack has at least something to do with it. There is no exact number as of yet regarding how many individuals have been affected by the breach, but if you or any patients have used the myNurse app, that personal information has likely been compromised.
A Look at the Healthcare Data Breach Numbers
The March 2022 Healthcare Data Breach Report, released by HIPAA a few weeks ago, reveals some trends and statistics that every provider and caregiver should pay attention to. Overall, the number of reported healthcare data breaches has fallen for the fourth consecutive month. But don’t let that create any sense of complacency. In March, there were still 43 healthcare data breaches of 500 or more records – meaning that more than one breach still occurs every day. And that’s on a good month. The 12-month average is 57.75 healthcare breaches a month – nearly two a day.
And even with small decreases in the total number of breaches over the last few months, the number of breached records is still on the rise. March saw a 36.94% increase in total records breached compared to February, meaning that compromised patient and individual data is still seeing a steady rise. Of the reported healthcare breaches in March, 25 were reported to have over 10,000 affected individuals, with the largest one affecting over 500,000 patients. These numbers prove that any size of healthcare provider or practice is a target for cybercriminals.
What Your Healthcare Practice Needs to Know
The data breaches and statistics mentioned in this article should cause alarm if your practice doesn’t have cybersecurity measures in place. Even if you do, the threat is ongoing and extensive and should be a constant reminder that cybersecurity is essential for every business in the healthcare industry and beyond. Data breach planning and response services are a must and can help you better prepare for an incident while following all rules and regulations if and when a breach occurs. You don’t want to be left without direction, and the current state of healthcare and cybercrime highlights the ever-present risk of data breaches and other issues.
LibertyID provides full service, fully managed identity fraud restoration to its subscribers. With a 100% success rate in resolving all 31+ forms of identity fraud. LibertyID Business Solutions provides Business fraud remediation, full pre-breach preparation with custom WISP protocols, post breach regulatory response, customer, and employee identity fraud restoration management, advanced employee training and third-party vendor management tools.