How Identity Theft Can Impact Your Dental Practice

Is your dental office at risk of identity theft?

Attacks on healthcare have increased in recent years, and most dental practices are unprepared.

In this article, you’ll learn the most common threats, how to prepare against them, and what you can do to protect your practice.

Why Hackers Have Started to Target Dental Practices

For years, identity thieves have preyed on individuals, banks, and large corporations.

But healthcare attacks are on the rise. Between 2019 and 2021, breaches of healthcare data increased by 51%.

In 2019, hundreds of dental practices were crippled by a devastating ransomware attack. 

It all comes down to money. Today, healthcare records are some of the black market’s most valuable commodities. If identity thieves could request a ready-made kit on their victims, it would look a lot like a patient’s dental file.

Records contain several pieces of valuable data, like a patient’s Social Security number, date of birth, address, insurance and billing details, and more.

That constellation of data makes a record worth a small fortune on the black market. While a stolen Social Security number might fetch $5-10 on the dark web, a criminal can sell a dental record for as much as $1,000.

But stealing patient information isn’t the only reason cyber criminals are infiltrating dental practices. In addition to taking patient data, hackers are resorting to one of the fastest-growing cybercrimes of all time: ransomware.

In this scheme, software scrambles all of your data, making it useless for you and your team. To unscramble it, thieves demand a ransom of anywhere from tens of thousands to millions of dollars.

Few dentists are prepared for these kinds of threats. But if you know what to look for, you can often spot an intrusion before it wreaks havoc on your practice.

How to Spot the Warning Signs of Identity Theft

There are a few telltale signs that your identity has been stolen. If you and your employee’s look out for these red flags, you can catch identity theft early and prevent some of the worst consequences.

First, look for notifications of suspicious activity on your accounts. These could be messages that someone has changed a password or attempted to sign in from an unfamiliar device or location.

Another warning sign is unusual mail about offers, credit, or accounts you didn’t create. Fraud alerts from your bank or credit card company can also tip you off to a thief fraudulently using your information.

To guard against intrusions in your practice, look for strange behavior on your accounts or notifications of incorrect passwords or access privileges. And missing patient records could be a sign of physical theft.

If you spot one of these red flags, you should take action immediately.

What to Do If You Suspect You’re the Victim of Identity Theft

A single employee’s identity theft can be the first step a thief takes to expose all the data at your practice. So every second counts.

Start by uncovering the damage. Learn what accounts have been compromised and contact any impacted companies to explain the fraud.

If you aren’t already backing up your systems and data, do so immediately. A thief could already have corrupted your files through the compromised employee, and the sooner you create a backup, the better.

And if you believe patient information has been exposed, you should report to authorities as necessary for guidance on investigation and disclosure.

Hopefully, you never have to defend against an active cyber attack. And a few simple steps can help keep your practice safe.

How to Protect against the Most Common Methods of Dental Identity Theft

Thieves are constantly learning new ways to infiltrate, so understanding how to prevent identity theft is the best defense.

  1. Use strong and unique passwords. Too many dental practices use poor password protection. Receptionists, hygienists, and dentists all use the same login. Passwords are simple and easy to remember—or worse, written on sticky notes beside the computer.

Create unique logins for each team member, each with a password at least 12 characters long. And of course, no sticky notes.

  1. Recognize phishing emails and calls. Phishing works like this: A team member gets an email or call purporting to be from someone important, like a trusted organization or supplier. The email will request the employee click a link to enter their login information, or the caller will ask to “confirm” sensitive information. But really, that data goes directly to an identity thief.

All it takes is a single employee falling prey to a phishing scam to endanger your whole business. Spend time training your staff on warning signs of phishing. Encourage them to be wary about sharing sensitive information on incoming calls, and to call the official number instead.

  1. Keep patient data safe. Thieves can collect patient data easily. It’s easy for a member of your team to set dental records on a desk and step away for a minute, or share details on a phone call within earshot of the waiting room. Treat patient data like the high-value target it is, and eliminate these easy opportunities for theft.
  1. Secure your devices. Do you or members of your team take home laptops with patient data? Or use smartphones with access to sensitive cloud storage? Or back up data on unencrypted drives?

A single stolen or lost device can expose all your patient information. Set guidelines on whether personal devices can be used, and what data your team (and you) can take home. And whenever possible, encrypt the storage you use.

Following these steps can help your practice stay protected and secure.

The Bottom Line on Identity Theft at Your Dental Practice

Busy dentists have plenty to keep them busy. From patient care to marketing to team management, there’s hardly time to think about identity theft. And that’s what cybercriminals are counting on.

Just a small amount of training and protection can make all the difference. Schedule time to make a few simple steps, like replacing weak passwords or teaching your staff to beware of phishing emails.

These small changes can make all the difference.