Cyber security – what dental practices need to know

Kabir Ahmed, commercial insurance manager at Wesleyan Financial Services, discusses the cyber security concerns every practice should plan for.

Dental practices are no strangers to managing and adapting to meet their patients’ needs. The duty of care to those they serve is paramount.

But keeping pace with the latest in practice systems and technologies can often take a back seat amongst more pressing demands of running a dental practice.

With the rise of more sophisticated cyber-attacks and the unknown implications of AI on the industry, failure to keep up when it comes to technology and cyber security exposes a significant risk. At best, a practice is lucky and doesn’t face any threats, but in a worst-case scenario, it could be exposed to serious data breaches, long-lasting reputational damage and loss of patients and contracts.

Systems and software

Many dental practices have the same operational needs. This will usually include maintaining records and having the right technology and systems in place to run the practice.

As a minimum, each practice typically has a website, a patient contact form, telephone lines, an appointment book, a mobile app, and patient login systems.

That’s just the public-facing side. Behind the scenes, there is software to manage payroll, systems to help with management finances and HR, and tools to keep track of day-to-day practice running costs.

The amount of software required is huge and will hold hundreds of thousands of pieces of data. With almost every aspect of this maintained online and essential in running a practice, it leaves dental practices exposed to fraud and cybercrime.

A two-fold threat

Cybercriminals aren’t ethical in their targeting, and attacking dental practices can be lucrative. For practices, this threat usually falls into one of two categories.

The first one relates to patients. Breaking into patient records and accessing information, particularly sensitive data, can be hugely damaging for a practice, but sadly, profitable for a cyber-criminal.

The second threat relates to the practice and its staff. There is a chance that the technology used to support the running of the practice such as appointment booking systems, or HR software for confidential staff information, can be compromised.

Not only does this pose a threat to the day-to-day operation of the business, but it can also cause considerable anguish to colleagues that may be victims of subsequent crimes.

Three steps to a more secure system

When it comes to enhancing security, the first step is looking at cyber defence. Practice managers and owners should make colleagues aware of the potential threats and challenges.

This could be as simple as not digitally recording patient information outside of official systems, or making sure everyone is adhering to best practices around updating passwords and alerted to suspicious email traffic. It can also be worth factoring in physical security too, such as keycards. Assigning responsibility to someone who will do regular security checks and share reminders with the team can be useful.

The second step is around managing your risk. Monitoring and logging incidents and near-misses may help to identify patterns or expose wider concerns that warrant a closer look. Each breach should be properly investigated to avoid it happening again.

Defending what you’ve got and having a robust plan in place to deal with it should a breach occur is essential. These plans should include clear actions to keep the practice running smoothly, plans to manage patients, and an external and internal communications plan.

The third step is around understanding what support you have in place and what extra backup you might need.  While some contracts with providers might cover you for cyber-attacks, others might not. Similarly, your contract with the NHS may cover any NHS-related data stored on NHS systems but may not extend to the same data being used on other platforms.

Take the time to understand what your obligations are in protecting the data you use and if you’re exposed speak to an insurance expert. There are also cyber security insurances available that can help provide another layer of support and advice should an attack happen.

Taking stock of vulnerabilities and putting cyber security back at the top of the agenda is critical for all practice owners. Those that need extra help should speak to an expert who can help them protect their patients and their practice.

You can review or explore cyber insurance with an Insurance Consultant at Wesleyan Financial Services. Visit wesleyan.co.uk/ commercial-insurance/cyber-insurance or call 0808 258 9315 to get started.

Wesleyan Financial Services Ltd is a broker and insurance products are provided by a number of insurers.

About Kabir

Kabir Ahmed is the Commercial Manager at Wesleyan Financial Services. The commercial team offers expert and tailored insurance advice to dental and medical professionals.

Advice is provided by Wesleyan Financial Services Ltd.

‘WESLEYAN’ is a trading name of the Wesleyan Group of companies.

Wesleyan Financial Services Ltd (Registered in England and Wales No. 1651212) is authorised and regulated by the Financial Conduct Authority and is wholly owned by Wesleyan Assurance Society. Wesleyan Assurance Society is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Incorporated in England and Wales by Private Act of Parliament (No. ZC145). Registered Office: Colmore Circus, Birmingham B4 6AR. Telephone: 0345 351 2352. Calls may be recorded to help us provide, monitor and improve our services to you.