🔦Cyber Story Spotlight

In today’s perilous digital landscape, CTOs, IT Directors, and similar positions play a critical role for ensuring their organization’s cybersecurity. However, they often face significant challenges, especially when working with budget limitations.  The rapidly changing cyber threats require constant updates to their security strategies, which can be resource-intensive for these senior IT professionals. Compounding this challenge is the shortage of skilled security professionals. The demand for experienced CISOs and CISSPs far exceeds the available talent pool.

Engaging External Expertise

Cybersecurity is a highly specialized and constantly evolving field. Experienced cyber professionals bring invaluable insights and impartial assessments to better protect organizations from the constant threat of cyberattacks and ransomware.

When asked why he engages with outside cyber help, Dan Prestegaard, CTO of Specialty Dental Brands, stated “It is incredibly difficult to find security professionals. We need people who are hyper focused on cybersecurity and who stay up to speed on the latest threats. Better to have a third-party bring that level of expertise to the table.” 

External professionals provide an unbiased, objective assessment of an organization’s security posture, which is invaluable in identifying and addressing vulnerabilities.

Regulatory Compliance

Senior IT professionals within DSO organizations face the difficult task of ensuring that their organizations comply with various cybersecurity and HIPAA regulations which can be complex and time consuming. External security professionals can play a vital role in ensuring compliance while reducing legal and financial risks. By assisting DSOs in developing risk registers, prioritizing risks and recommending appropriate mitigation strategies, external partners can help contribute to compliance efforts and reducing legal and financial risk.

Budgeting for Increased Security is A Must!

C-Suite executives within DSO organizations must budget for preventative cybersecurity to help protect patient data, ensure continuity of critical operations, maintain trust and business reputation while complying with regulatory requirements. Security must be recognized as a business imperative even if it requires a slight increase in IT expenditure. This could potentially end up saving a DSO millions of dollars in lost revenue, recovery expenses, ransom payments, patient notification, and legal fees.

Andy Taylor, Senior Director of IT for Dentive, stated, “Effective cybersecurity is required for all businesses in the healthcare space. As a holding company, we need to be great partners and find and recommend great strategies for the 100+ small businesses who we are partnered with. The tools that my third-party security provider has deployed on our systems, give me much greater visibility than I had before. I can actually track and keep a tally of attacks that were launched against some of our businesses. If even one of those attacks were successful, it would have cost our organization more money than we will ever spend on preventative security. That fact alone makes it easier for me to justify what I ask for when submitting my IT/security budget. I can emphatically state that I sleep better at night after partnering with a third-party cybersecurity provider.”  

The Collaborative Approach

A robust and effective preventative cybersecurity solution is a collaborative effort. Supporting both internal and external resources equips organizations with the necessary tools and insights to enhance their overall security posture. Collaboration starts at the top, with leadership providing the necessary support to empower IT teams in safeguarding your business.

---

🚨Recent notable healthcare cyber incidents:

8 Base Ransomware Victim: New Boston Dental Care. New Boston Dental Care, PLLC, a dental practice with nearly 40 years of experience in New Hampshire, has recently fallen victim to a significant data breach. On May 13, 2024, sensitive information was illicitly accessed and downloaded by unidentified threat actors. The compromised data includes a wide array of confidential materials such as invoices, receipts, accounting documents, personal data, certificates, employment contracts, confidentiality agreements, and personal files. The breach exposes the extensive and sensitive nature of the information maintained by the practice, highlighting the urgent need for enhanced cybersecurity measures to protect patient and employee privacy in the future.

RansomHub Ransomware Group Adds American Clinical Solutions to Data Leak Site. The RansomHub ransomware group claims to have stolen the data of more than 400,000 patients in an attack on American Clinical Solutions (ACS), a Boca Raton, FL-based provider of urine and oral fluid drug confirmation testing services. According to the listing on the data leak site, RansomHub breached ACS’s systems in mid-May and stole the data of individuals who had samples tested for prescription and narcotic drugs.  According to Marco A. De Felice of SuspectFile, the exfiltrated data includes 35 GB of medical records. The documents examined by De Felice included the full name of the patient, their date of birth, gender, patient ID, doctor’s name, name of the clinic that requested the test, and the laboratory results, with some files also including policy numbers, Social Security numbers, insurance data, and phone numbers.

MOVEit Data Breach Triggers Class Action Against Delta Dental. According to the 75-page lawsuit, the San Fransico-based dental insurer announced in December of last year that it was among the ranks of thousands of organizations affected by a massive cyberattack that targeted MOVEit, a popular file transfer platform. Cybersecurity software company Emisoft reports that the Delta Dental data breach has impacted over 6.9 million individuals, making it the third largest MOVEit-related incident to date. The complaint contends that Delta Dental not only failed to secure member data from unauthorized access but also waited more than five months after discovering the incident, in early June, to notify affected individuals around December 15.

---

Dental Cyber Watch is sponsored by Black Talon Security, the recognized cybersecurity leader in the dental/DSO industry and a proud partner of Group Dentistry Now. With deep roots within the dental and dental specialty segments, Black Talon understands the unique needs that DSOs and dental groups have when it comes to securing patient and other sensitive data from hackers. Black Talon’s mission is to protect all businesses from the devastating effects caused by cyberattacks—and that begins with a robust cyber risk mitigation strategy. To evaluate your group’s current security posture visit www.blacktalonsecurity.com.