Technology and IT systems are slowly taking center stage within the healthcare industry. The pressure of legislation, growing volume of patients and need for enhanced documentation have been the main drivers for IT adoption. Practices are deploying everything from EHRs to practice management systems in a bid to streamline processes. Not everyone has reaped the benefits of the move to software but practically everyone agrees that older paper-based systems cannot keep up.
The Switch to Cloud Services
Most first generation EHRs and PM software were premise-based systems. Practices had to purchase hardware, software licenses and maintain the systems on their own. Today most of these software tools are cloud-based and delivered through the Internet. The shift to the cloud has brought many benefits for practices:
- Lower costs because of subscription-based models
- No maintenance as provider takes care of everything
- Ease-of-use due to improved interface design
- Automatic and real-time backup of data
- Quicker access to new features thanks to seamless updates
What Can Happen to Your Systems with Phishing Attacks
The switch to hosted EHR software has its fair share of problems as well, security being one of them. Dental clinics assume that the service provider will take care of everything including securing the network infrastructure. The reality is that the vendor has no control over the actions of your staff or the internal network. Criminals don’t necessarily have to attack the servers where your data is located. A simple phishing email to one of your employees can give them access to all your systems.
What exactly is a phishing attack? Phishing is a type of cybercrime that involves sending mass emails to users where the sender masquerades as a legitimate business such as a bank or utility firm. The user is prompted to click on an email or dial a phone number to resolve problems with their account. Unfortunately the link takes them to a malicious website that steals usernames and passwords.
Suppose one of your employees falls victim to such a phishing attack. With the user credentials in their hands, the criminal can log into the system and create havoc. They can also change the password and lock legitimate users out of their own accounts. Most service providers will send password reset links to your email address. If that password is compromised, you might not have any means to prove you are the legitimate owner of the address.
Are Your Systems Are Susceptible to Phishing Attacks?
The unfortunate truth is that there is no special tool or software that can protect against phishing attacks. All practices are vulnerable to such attacks to various degrees. The best defense is user education and awareness. The key to a successful phishing attack is for the user to click on the link and give away their confidential information. Alert users who do not click on links from suspicious emails or unknown senders are less likely to fall for a phishing attack.
It may seem burdensome to introduce more awareness or training sessions for your employees. But security awareness campaigns are just as essential as the EHR training itself. The problem with phishing attacks is that criminals have a massive advantage. They can send out thousands of emails within a few minutes. But all it takes for your systems to fall is one person clicking on the wrong link. Therefore user education should be a crucial part of defense security measures for your IT systems.
The reliance on hosted systems or cloud computing is a double-edged sword. It brings with it many benefits but also has a few drawbacks. Be a security conscious dental practice and train your employees to put security over convenience at all times.
