09 Dec 2022 | Australasian Dental Practice

Another day, another data breach: How NOT to become the next Medibank Private…

I've been spending a big chunk of my time over the last few weeks talking to practices who are scared to death of the potential risks from cyber attacks and rightfully so, considering these days it's not a matter of if, but when.


Some of the classic responses I get when talking about security with clients range from a complete understanding of what they need to do to achieve their goals down to a completely opposite nonchalant attitude of "she'll be right"...

  1. Hackers aren't interested in our little practice…
    BUT THEY ARE!
    It's easier to compromise 1000 smaller businesses than it is to hit one big one; if only 10% of those pay a ransom of $10,000 then that's a million dollars right there.
  2. Securing our network is too expensive...
    It's not too expensive. In the current landscape, especially with the Optus and Medibank Private breaches recently, we're going to see government agencies start to really come down on businesses that are compromised and have been negligent in securing their networks.
  3. I don't need all this security mumbo jumbo!
    You absolutely need this security mumbo jumbo.
  4. I have good backups, I'll be fine...
    That's great; however, do you want to be fined if you do have a data breach?

But let's look at it from a different angle because a fine is only money.

How do you recover from the reputational damage that is caused when you have to tell all your patients that their personal and medical data has been breached and is possibly out on the dark web to be sold to the highest bidder?

Cost is a big factor in a lot of the decisions that are made with regard to protection, but considering the reputational damage that can be caused by a breach and the losses due to downtime, it shouldn't be, provided you're investing in the right security "stack" to minimise your exposure in line with your goals.

So what should an ideal security stack look like?

Managed services

Managed services are the cornerstone of any good solution. They will usually include some form of support, anti-virus and "patch" management along with a proactive approach to looking at your hardware to minimise downtime.

HOWEVER, not all managed service plans are created equally. An ideal plan will include more than just antivirus and patch management: the provider will be working to get your practice to an "Essential Eight" maturity level, and the plan will include things like ransomware protection, persistent foothold protection and a good quality cloud backup solution.

We often put our security stack onto the networks of new clients only to find them riddled with viruses, malware and RATs.

Next-Gen firewalls

Your firewall is the equivalent of building a massive brick wall on the internet connection to your practice. Now as effective as a brick wall is at stopping things, we come across the problem of also needing to let things through it.

So we decide to put a door in the brick wall. This allows things to go through it, but now we have the problem where things are coming through it unchecked, so like a nightclub, we need a bouncer.

Although I think most of us have had a good night ruined by a bouncer at a nightclub at some point, a good one will only let in people that aren't there to ruin the party and keep out the riff-raff.

A good Next-Gen firewall will have a bouncer that checks what is going through it using live cloud databases and also studies the behaviour of what that traffic is trying to do.

We recently had a discussion with a practice who pulled out one of the cheapest modems on the market and pointed to the part where it said "firewall".

Yes, it has a firewall function included, but it is only a basic brick wall with a door in it and no bouncer, so it is basically completely ineffective, and this is what we come across every day. If you have a modem provided by your internet provider, it is ineffective at protecting you against pretty much everything.

At Teamwork, we recommend Cisco Meraki firewalls as they're fully cloud managed and provide one of the best levels of security for your network.

In addition to this, they will actually alert you if something is not right, for example if your internet goes down or if you have a device on your network that is doing something odd.

Spam protection

Spam is one of the key vectors of attack for any business, not just dental. By stopping the majority of spam from hitting your network, you not only increase productivity but also plug one of the biggest security holes for your practice.

Spam protection is quite inexpensive these days, and using a third party such as Mailguard will give you not just industry-leading protection but also insights into how much junk mail you're actually receiving, just by looking at their daily reports.

So what does it all cost to protect a five-computer practice at this level?

Realistically, upfront, a good network firewall is around $2000-$3000 installed with a three-year licence with all the bells and whistles.

As for the ongoing costs for the managed services and spam protection, the industry average should be around $500-$700 a month depending on the IT provider you use and the overall level of security and value they provide.

Whilst these may not be the be-all and end-all of your security stack, they definitely give you a great foundation to elevate the security of your network and significantly reduce your attack surface.

We believe practices should learn and understand what security they require and how it works for them.
