Because of the sensitive patient data collected, healthcare professionals and organizations face an increased risk of cyber attacks.
In the past few years, there have been major attacks against healthcare organizations, which have led to compromised patient data, disruption in patient care and increased industry scrutiny. As a result of these attacks, numerous lawsuits have been filed against healthcare organizations, and there is now greater focus on improving cybersecurity practices. Consumers, lawmakers, regulators and insurers are all paying closer attention.
To help orthodontists grasp the current state of cyber risks, we’ve compiled recent statistics about cybercrime and helpful information about cyber attacks.
Cybercrime By the Numbers
There are some big numbers thrown around when talking about cybercrime and the impact of attacks. Unfortunately, these numbers continue to rise.
25%
The share of global healthcare business leaders who said they are unprepared to face the current cyber threat.¹
46%
The share of breaches involving stolen or compromised customer personal data.²
70%
The share of organizations that experienced a significant or very significant disruption to business because of a breach.³
258 days
The mean time it took to identify and contain a cyber breach.⁴
500 individuals
The number of individuals affected by any breach that requires healthcare businesses to report the incident to the Office for Civil Rights.⁵
$487,000
Average cost of business interruption after an attack for small and mid-sized businesses.⁶
$9.77 million
The average breach cost in the healthcare sector—the most expensive of all industries.⁷
Phases of a Cyber Attack
Understanding the phases of a cyber attack can help orthodontic practices better prepare and respond to potential threats. Although attackers are constantly looking for new vulnerabilities to exploit, they typically follow a three-step process:
- Preparing the attack
The attacker gathers information about your practice to find weak points and ways to infiltrate your systems. To exploit those weaknesses, the attackers create harmful software to deploy through a variety of methods, including phishing, misuse and/or misconfiguration of Remote Desktop Protocol, missed patches, removable media, and pirated software.
- Launching the attack
Once a compromise has allowed entry, the threat actor can move through the network, view and exfiltrate sensitive data, lock files and disrupt operations. The attacker will install programs to maintain control over the system and ensure continued access.
- Extorting your practice
The threat actor will then demand payment to provide decryption keys and/or not release the sensitive information to the public. This new cyber landscape is marked by more sophisticated attackers, multimillion-dollar ransom demands, significant data compromises and business interruption claims.
Regardless of size or location, any orthodontic practice can fall prey to potentially costly attacks. In the next section, we cover how your practice can prevent an attack, how to detect an incident and how to respond if an attack occurs.
Additional Cyber Resources from Lockton Affinity
Lockton Affinity, administrator of the AAO-Endorsed Insurance Program, has a robust library of risk management resources, including resources dedicated to increasing your cyber knowledge. We know that increasing your cyber threat knowledge isn’t a one-time thing; it’s an ongoing commitment to safeguarding your practice, your patients and your peace of mind.
Some additional resources that may be helpful include:
- Cyber 101 whitepaper
- Cyber terms glossary
- How to respond after a cyber attack
- FAQs about Cyber Liability insurance
Questions about cyber threats, Cyber Liability insurance or other risks your practice faces? Contact Lockton Affinity’s helpful representatives today.
¹ Beazley Spotlight on Cyber & Technology Risk 2024: https://www.beazley.com/en-US/news-and-events/spotlight-on-cyber-and-technology-risks-2024/
²,³,⁷ IBM Cost of a Data Breach Report 2024: https://www.ibm.com/reports/data-breach
⁴,⁶ Net Diligence 2024 Cyber Claims Study: https://netdiligence.com/cyber-claims-study-2024-report/
⁵ Submitting Notice of a Breach to the Secretary: https://www.hhs.gov/hipaa/for-professionals/breach-notification/breach-reporting/index.html
