Fraudulent activity on your practice credit card
There are few more dreaded phone calls than the one from the bank reporting “fraudulent activity” on your credit card used for your practice.
If the aftermath is terrible for an individual, the awful consequences jump exponentially for a dentist’s office. It’s no wonder – but alarming – that smaller health professional offices are considered easy pickings. Savvy internet thieves troll vulnerable health databases for valuable financial information, Social Security numbers, even confidential health information that can be sold on the “Dark Web,” used to acquire medical equipment or drugs that can be resold, and even to make fraudulent insurance claims According to John Marks, chief operating officer of DentalROI, cyber criminals are focusing on the electronic heath records of patients because “they view dental websites as soft targets, compared with big corporations or banks.”
He detailed the 2015 “break-in” at an Oregon dental practice where the personal details of more than 150,000 patients were stolen when data thieves infected the office computer system with malware. The practice offered theft protection and credit monitoring to its patients, but the true costs in lost privacy and trust were incalculable.
Electronic Health Records “provide a versatile haul for criminals,” Mr. Marks wrote for DentistryIQ in 2017, “typically worth ten times more than financial information on its own, because stolen EHRs can be bundled up in different packages that attract high levels of attention from predators scouring the Dark Web for sensitive information they can sell on an ongoing basis.”
The risk for data exploitation is real, but thankfully there are steps to be taken to protect important information – both your patients’ and your own business records.
In keeping with HIPAA mandates, health offices should already be conducting a Security Risk Assessment every year, according to Thomas Grover, of Henry Schein TechCentral. The SRA will identify potential risks and recommend solutions to strengthen your data protection systems, which could be in the form of security software for your own office server or data storage in the Cloud.
There are several considerations. Cost and time investment are always factors for a small business, but that should be weighted against obvious and hidden costs of a data breach: legal fees, remediation, possible fines are all hits on your bottom line, but the loss of your patients’ trust in your practice is, as they say, priceless and probably irreplaceable.
Next month, we’ll explore data security options, including the pros and cons of data storage in the Cloud.
Photo by Matjaz Slanic, https://www.istockphoto.com.
The views expressed in this column are those of the writer and not necessarily the opinions of the Chicago Dental Society.
CDS presents Front Desk, a column addressing issues facing dentists and staff members experience in the office.
Front Desk is prepared by Stephanie Sisk, a freelance journalist.