
09 Dec 2022 | Australasian Dental Practice


Another day, another data breach: How NOT to become the next Medibank Private…

I've been spending a big chunk of my time over the last few weeks talking to practices who are scared to death of the potential risks from cyber attacks and rightfully so, considering these days it's not a matter of if, but when.


Some of the classic responses I get when talking about security with clients range from a complete understanding of what they need to do to achieve their goals down to a completely opposite nonchalant attitude of "she'll be right"...

  1. Hackers aren't interested in our little practice…
    BUT THEY ARE!
    It's easier to compromise 1000 smaller businesses than it is to hit one big one; if only 10% of those pay a ransom of $10,000 then that's a million dollars right there.
  2. Securing our network is too expensive...
    It's not too expensive. In the current landscape, especially with the Optus and Medibank Private breaches recently, we're going to see government agencies start to really come down on businesses that are compromised and have been negligent in securing their networks.
  3. I don't need all this security mumbo jumbo!
    You absolutely need this security mumbo jumbo.
  4. I have good backups, I'll be fine...
    That's great, however do you want to be fined if you do have a data breach?

But let's look at it from a different angle because a fine is only money.

How do you recover from the reputational damage that is caused when you have to tell all your patients that their personal and medical data has been breached and possibly out on the dark web to be sold to the highest bidder?

Cost is a big factor in a lot of the decisions that are made in regards to protection but considering the reputational damage that can be caused by a breach and losses due to downtime, it shouldn't be, provided you're investing in the right security "stack" to minimise your exposure in line with your goals.

So what should an ideal security stack look like?

Managed services

Managed services are the cornerstone of any good solution. They will usually include some form of support, anti-virus and "patch" management along with a proactive approach to looking at your hardware to minimise downtime.

HOWEVER, not all managed service plans are created equally; an ideal plan will include more than just antivirus and patch management; ideally they will be working to get your practice to an "Essential Eight" maturity level and include things like ransomware protection, persistent foothold protection and a good quality cloud backup solution.

We often put our security stack onto the networks of new clients only to find them riddled with viruses, malware and RATs.

Next-Gen firewalls

Your firewall is the equivalent of building a massive brick wall on the internet connection to your practice. Now as effective as a brick wall is at stopping things, we come across the problem of also needing to let things through it.

So we decide to put a door in the brick wall. This allows things to go through it, but now we have the problem where things are coming through it unchecked, so like a nightclub, we need a bouncer.

Although I think most of us have had a good night ruined by a bouncer at a nightclub at some point, a good one will only let in people that aren't there to ruin the party and keep out the riff-raff.

A good Next-Gen firewall will have a bouncer that checks what is going through it using live cloud databases and also studies the behaviour of what that traffic is trying to do.

We recently had a discussion with a practice who pulled out one of the cheapest modems on the market and pointed to the part where it said "firewall".

Yes, it has a firewall function included, but it is only a basic brick wall with a door in it and no bouncer, which makes it basically completely ineffective, and this is what we come across every day. If you have a modem provided by your internet provider, it is ineffective at protecting you against pretty much everything.

At Teamwork, we recommend Cisco Meraki firewalls as they're fully cloud managed and provide one of the best levels of security for your network.

In addition to this, they will actually alert you if something is not right, for example if your internet goes down or if you have a device on your network that is doing something odd.

Spam protection

Spam is one of the key vectors of attack for any business, not just dental. By stopping the majority of spam from hitting your network, you not only increase productivity but also plug one of the biggest security holes for your practice.

Spam protection is quite inexpensive these days and using a third party such as Mailguard will not just give you industry-leading protection but also insights into how much junk mail you're actually receiving, just by looking at their daily reports.

So what does it all cost to protect a five computer practice at this level?

Realistically, upfront, a good network firewall is around $2000-$3000 installed with a three year licence with all the bells and whistles.

As for the ongoing costs for the managed services and spam protection, the industry average should be around $500-$700 a month depending on the IT provider you use and the overall level of security and value they provide.

Whilst this may not be the be-all and end-all of your security stack, these measures definitely give you a great foundation to elevate the security of your network and significantly reduce your attack surface.

We believe practices should learn and understand what security they require and how it works for them.
