Call Us Now 888.512.8878

For the past 6 months we've been discussing the importance of cyber liability insurance, especially for small businesses. Many business owners don't believe that a data breach will happen to them for a variety of reasons. However, a breach doesn't always come in the form of a virus. One of our insured shared her own story of a data breach in her dental practice:
Last September I read an article in CDS news about a Sacramento dentist who had his unencrypted server stolen and the difficulties and costs associated with this loss.  “Wow” I thought, “I better not let this happen to me!”  I resolved to make this my priority for 2015.

Our family enjoyed a lovely Christmas holiday, visiting my daughter, who is studying in France, in Lyon.  We indulged in delicious chocolates, scrumptious pastries, and even foie gras, a regional specialty.  Still basking in the post holiday glow, I arrived at work on Monday, January 5th, to face a stunned and white faced staff.  Our server had been stolen in the early morning hours. Fortunately, we were backed up with a service that allowed us to run our practice off the cloud server within half an hour.  That is the end of the good news.  Because the patient information was not encrypted, I had to hire a law firm specializing in data theft to help me through the various reporting processes, to take steps to protect my patients from ID theft and to protect me from potential law suits.  Additionally, I hired the consultants I originally intended to hire proactively to implement various protocols and safety measures.  Costs so far: $60,000 and counting.  Thankfully, my staff has been phenomenally supportive and have enthusiastically embraced all the new protocols.

Theft of devices such as servers, drives and especially laptops are on the rise in the medical and dental arena. This is a new growth industry because a social security number is only worth a dollar on the open market, but medical insurance information can be worth up to $500 per unit. Medical and dental insurance medical information is used to file fraudulent claims, which totals up to $10 billion per year.

Laptops are especially vulnerable to theft. They are light, highly desirable, easily concealed, and are conveniently perched on your desk where they can easily be removed in seconds.  You may also carry your laptop, and information about your patients, home with you in your car where it is also at risk. Obtain cable locks and secure all laptops to the desks where you use them and enable the encryption pre-installed by the manufacturer. Passwords will not prevent your drive from being read by a data thief.

Now let’s get to that tower you have under your desk or in the broom closet. Your livelihood depends on your server and your practice management software.  HIPPA mandates you preserve this information from loss and protect your patient’s private health information from access by unauthorized individuals.  You preserve your patient’s information by implementing back up systems in case of flood, fire, or theft.  

Protecting your patient’s data from unauthorized access can be very easy.  In fact, 90% of protection is physical security because the majority of exposures of medical/dental data occur by theft, not hacking.  Placing your server in a closet with a steel door, or a ventilated stainless steel cage bolted to the floor will deter the casual thief.  Alarming your office is insufficient because thieves can walk off with your server and laptops in less than a minute, gone long before the police get to your office.

If your thieves came armed with crowbars, sledgehammers and blow torches, and manage to steal your server, you are dealing with serious criminals who are determined to get your PHI. Only encryption of your hard drive can save you now.  Encryption is best when it is built into the practice management software from the beginning. Apple computer users have built-in encryption that is easy to enable. 

Windows based dental software was written long before cyber theft was an issue. Systems have been updated over the years, but new code is written on top of the old, like new paint and a bathroom remodel in a house whose old foundation is not up to current earthquake code.  Data obfuscation has been added to make the data harder to read but this is not true encryption and is inadequate protection. On the other hand, encryption like Bit Locker may cause your data to become unreadable to you because of the outdated code in your software.

As dentists, we are in a vulnerable situation.  Our software vendors know what our obligations to our patients are, but the business model does not support re-writing product to meet today’s demands. The ADA has printed HIPAA manuals, but there is no “seal of approval” for technologies or products and there are no clear standards. We are reliant on people we call “our IT guy” who we trust to be doing the right thing and we also openly admit we have no idea what our “computer guy” does. Our IT specialists are good at keeping our computers working, but are they aware of HIPPA requirements and how they need to help us be in compliance? 

In summary, you can easily avoid the stress and cost of a data breach with a few simple steps:

1) Physically secure your computers.
2) If your software has obfuscation capability, activate immediately.
3) Encrypt your hard drives as recommended by your own expert.
4) All users must have unique user names and robust passwords in order to log into your practice management software. This is good management anyway.
5) Screens should have timed logout enabled.
6) Do not send patient information unencrypted.
7) Have your IT provider sign a Business Associates Agreement, which makes them liable for a data breach.
8) Buy cyber liability insurance today.

We thank Catherine for sharing her story so that other dentists and professionals can understand the risks associated with doing business in today's world. For more information on cyber liability insurance or to get a quote, please visit our Cyber Liability page or contact us today at 888-512-8878.
Posted 11:00 AM

Share |

No Comments

Post a Comment
Required (Not Displayed)

All comments are moderated and stripped of HTML.
Submission Validation
Change the CAPTCHA codeSpeak the CAPTCHA code
Enter the Validation Code from above.
NOTICE: This blog and website are made available by the publisher for educational and informational purposes only. It is not be used as a substitute for competent insurance, legal, or tax advice from a licensed professional in your state. By using this blog site you understand that there is no broker client relationship between you and the blog and website publisher.
Blog Archive
  • 2020
  • 2019
  • 2018
  • 2017
  • 2016
  • 2015
  • 2014
  • 2013

View Mobile Version
CNA Logo
The Hartford Logo
Travelers Logo
Anthems Logo
Blue Shield of California Logo
Guardian Logo
Kaiser Permanente Logo
Golden Eagle Insurance Logo
Mercury Insurance Logo
Chartis Logo