Dr Tim Bradstock-Smith considers the threat of cyber attacks on dental practices
Cybercrime is a prolific, global problem. Once committed mainly by individuals or small groups, it is now big business for complex networks of organised criminals with highly sophisticated strategies for committing cyber-related crimes on an unprecedented scale. Designed to maximise profit in the shortest possible time, it seems that healthcare records containing confidential personal data are lucrative targets and as reported by the media, ‘Ransomware’ has affected a large number of hospitals around the world.
Ransomware is a relatively simple idea. It encrypts data on a device or network of devices and demands a ransom from the victim(s) in order to regain access. For obvious reasons, industries and organisations most likely to suffer from these crimes are targeted, and in the last year 30% of NHS trusts have fallen victim to Ransomware attacks. For example, Imperial College Healthcare NHS Trust was targeted 19 times in twelve months and, over a four-day period Northern Lincolnshire and Goole NHS Foundation Trust was forced to cancel 2800 appointments and operations. It has since been suggested that Ransomware criminals may soon set their sights on smaller targets such as GP surgeries, private medical centres and dental practices.
Most dental professionals are aware that opening suspicious emails, clicking on random links or downloading insecure files can compromise security or even release malicious computer codes, software, viruses or worms that could reproduce themselves and attack the computer system. All designed to damage, disrupt or gain unauthorised access, these are well known threats, but they are certainly not rare. Last year, security researchers discovered an average of four to five new malware variants every second.
What is even more worrying is that Ransomware users do not just use malware variants. These criminals are able to launch attacks that do not require downloads and are able to use the tools and software that just runs in the memory or already exists on a victim’s device(s).
Of course, dental practices have strict protocols in place to protect confidential information and according to the Data Protection Act 1998 (DPA) dental professionals must ensure that dental records are accurately created, carefully and securely maintained and also disposed of appropriately. Similar obligations are detailed in the GDC Standards for the Dental Team to ensure patient information is correctly protected and any unauthorised access is strictly prohibited. It is important to remember that if confidential electronic patient information, images or radiographs need to be sent or transferred to another professional or location, a secure, encrypted method must be used.
For example, when referring a patient to another professional it is imperative to confirm that all patient information remains confidential and secure. I'm pleased to say that by using a dedicated referral centre such as the London Smile Clinic, practitioners can be assured that all data and images remain strictly confidential and are never shared with a third party. There is a robust information security policy and members of the London Smile Clinic team are trained in the professional and legal responsibilities of receiving, submitting and maintaining personal data and clinical records.
In addition, the highly qualified dentists and specialists can be trusted implicitly and the London Smile Clinic has set out a referral charter to ensure that referring practitioners can be confident about the level of care, attention and clinical expertise their patients receive.
As cybercrime continues to evolve, it is critical to remain careful and attentive to IT security. Currently, dental professionals can consult The National Data Guardian’s ten Data Security Standards which can be found HERE. Practices should also implement a strategy to protect IT systems from common cyber threats with a security framework such as the Government’s Cyber Essentials, available at https://www.cyberaware.gov.uk/cyberessentials/
For more information about the London Smile Clinic call 020 7255 2559 or visit www.londonsmile.co.uk/refer
Dr Tim Bradstock-Smith is principal of the London Smile Clinic, an award-winning centre of excellence in dentistry based in Central London. The Clinic offers an extensive range of services, including specialist orthodontics, implant dentistry and dentures.