Dental Data Breach Response Plan

Dental Data Breach Response Plan — How To Get It Done

Even small and medium-sized dental practices are often hit with cybersecurity attacks because many smaller practices spend less time on cybersecurity measures than large businesses.

Data breaches can damage your practice's productivity, reputation, and customer satisfaction.


You should prepare for a cybersecurity attack by creating a full data breach response plan. A dental data breach response plan (also known as a security breach response plan or a cyber incident response plan) helps you respond to any cybersecurity attacks by laying out the steps you and your team can follow to respond in an organized, straightforward, and documented way.

Cyberattacks are the fastest-growing crime in the U.S. with an estimated worldwide cost of $6 trillion annually by 2021. — via Cybercrime Magazine


Why Target a Dental Practice?


Dental practices and other medical providers store mainly patient records, which hold a lot of data that could be exploited for identity theft or health insurance fraud. Patient payment information such as credit card data also makes your dental practice's systems a target if you store it in your records. Dental Data Breach Response Plans help mitigate risks and keep you in business if and when your data is exposed to any kind of attack.


Risk Assessments & Training Employees


A security assessment is a must-do to determine threats to, and weak points around, Protected Health Information (PHI). Finding these threats is not just important: a risk analysis is mandatory. The HIPAA Security Rule requires Covered Entities and their Business Associates to conduct an annual HIPAA risk assessment and use security measures to help keep PHI safe.

Here are the first 3 things you can do to begin your HIPAA risk assessment. Your entire staff needs to be trained on HIPAA. It’s one thing to sit people down and make them watch a video — but does that really teach them what they need to know? Make the training process fun and interactive! Check out Done Desk EDU’s HIPAA Compliance In The Dental Setting training.


Need a Security Risk Assessment Tool?

www.healthit.gov/topic/privacy-security-and-hipaa/security-risk-assessment-tool

The Data

Cybercriminals are after sensitive data such as personally identifiable information (PII), non-public personal information (NPI), cardholder data (CD), electronic Protected Health Information (PHI), and intellectual property (IP). This includes:

  • Names
  • Birth dates
  • Home addresses
  • IP addresses
  • Usernames
  • Passwords
  • Social security numbers (SSNs)
  • Primary account numbers (PAN)
  • Credit card expiration dates
  • Lab results
  • Prescriptions
  • X-rays and MRIs



NIST and SANS Dental Data Breach Response Plan Frameworks - What’s The Difference?


The main choice between these two depends on how you want to organize your staff. The National Institute of Standards and Technology (NIST) “Computer Security Incident Handling Guide” and the SANS Institute “Incident Handler’s Handbook” both set out the same steps for responding to a data security incident — they differ in how they organize their actions.


NIST takes a four-pillar approach that includes:

  1. Preparation
  2. Detection and Analysis
  3. Containment, Eradication, & Recovery
  4. Post-Incident Activity


SANS consolidates the second NIST pillar into a single Identification step, while separating the third into three distinct steps:

  1. Preparation
  2. Identification
  3. Containment
  4. Eradication
  5. Recovery
  6. Lessons Learned


The best way to address a data breach is to prevent it before it happens. Even the best Dental Data Breach Response Plan only reduces the risk that one will occur — it can't guarantee that one won't!

Dental Data Breach Response Plans & Insurance


You may not ever be able to completely protect your practice from a data breach. But you can be prepared to fight back quickly and with precision as soon as a breach is discovered. Your dental practice insurance needs to include data breach coverage as part of your business owner’s protection policy. Here is where you can get a quote.


A Dental Data Breach Response Plan is only useful if it is properly established and followed by employees. Done Desk is designed to help our partners close security and compliance gaps to avoid data breaches. A data breach can be the most stressful situation an organization ever handles, but it doesn’t have to be the end of your organization.

If you don’t already have an incident response plan, creating one should be your top priority. Want a personalized coaching session with a Done Desk expert to go through your Dental Data Breach Response Plan? Hire a Coach today.