Can You Trust the IT Service Provider for Your Dental Practice?

You deserve an IT service provider who understands the unique demands of a dental practice. How does your provider measure up?

As far as IT services are concerned, dental practices are currently preoccupied with the end of Microsoft’s support for Windows 7, Windows Server 2008, and 2008 R2. The January 2020 deadline is fast approaching, and as I predicted in a previous article, we at TechCentral by Henry Schein One are seeing an end-of-year rush to upgrade operating systems.

The sense of urgency is not misplaced. When Windows support ends, no updates will be released for these operating systems, and hackers will be waiting in the wings to exploit vulnerabilities in unprotected systems. However, what dental practices may not realize is that hackers are ready to attack your IT service provider right now. The general school of thought among cyber criminals is, “Why waste my time on a single practice when I can go after the managed services company?”

Two recent targeted attacks on service providers were well-publicized: 

  1. In a July attack in Oregon, hackers gained access to several dental practice networks through their IT consulting company. The consulting company was not optimistic about a full or timely recovery. 
  2. In an August attack in Wisconsin, hackers gained access to a company that backs up digital data for dental offices across the U.S. About 400 of those offices have been affected by the ransomware attack. Recovery was a lengthy process, and according to updates posted on the company’s Facebook page, the attack had a potentially devastating impact on the business.

These incidents raise an important question: how can you be sure your dental office is protected beyond your in-office network and hardware, and that you won’t be attacked through your IT service provider? 

At TechCentral, we can only answer that question based on the services we provide to our customers. We aim not only to educate our customers about the firewall, antivirus, and backup protections we offer, but also to provide transparency about the security measures we’ve taken internally to prevent hackers from infiltrating our systems and reaching protected health information. 

Protecting the Entire Network

TechCentral offers many IT products and services, including computers, database servers, Wi-Fi access points, backup systems and update/patching services.

We use a layered security approach, including firewall security appliances; anti-virus and malware detection; centralized credential management; BitLocker server encryption for data at rest; wireless intrusion prevention; storage redundancy; encrypted local and cloud backups; and automated, centrally managed updates.

Many of these IT services are provided through TechCentral’s “hardware-as-a-service,” including Omnicore, our all-in-one dental office network. Omnicore comes complete with a virtualized server, network-attached storage (NAS), a business-grade wireless access point, and firewall and hybrid data backup, all contained in a mobile, low-profile rack that can be rolled easily into an office. 

But what about our internal “checks and balances” to protect our systems from hackers? 

For example, when TechCentral acts as your external IT company, we need to access your server to do maintenance tasks, which means we start a remote session. It’s imperative that we make sure these remote sessions are secure. Our internal security layers include physical, technical, and administrative controls, as well as backups, updates/patches, audits, and reviews.

Here are some of the specific security measures we take:

Strict Vetting Process for Partners

One of the most important things we do is vet our software partners who help us provide the aforementioned services. We want to make sure their security measures are up to our standards, and they’re doing the right thing by our customers. 

Private Cloud for RMM Tool (Managed Services)

Our remote management tool (RMM) is hosted in a private cloud. It’s not a public cloud-based offering, which would be more prone to attack. 

Geo-Blocking

Hackers from around the world have learned how to spoof IP addresses. If you’re going to access our RMM, you must have a U.S.-based IP address. If you’re overseas and don’t know our IP addresses, you can’t get into our system. We go to great lengths to hide our IP addresses so that it’s harder to find out where we are and attack us.

Centralized Credential Management (Domain-Specific)

TechCentral has restricted access to tools and portals in our internal Henry Schein domain. If you’re not an authorized user on one of our building’s networks or through VPN, you’re not getting access to the tools. We block the connection, preventing hackers from accessing our network and attacking our customers.

Multi-Factor Authentication

Before our team members can access the RMM, they have to provide multiple credentials through a process known as multi-factor authentication (MFA). According to the National Institute of Standards and Technology, MFA, sometimes referred to as two-factor authentication or 2FA, is a security enhancement that requires you to present two pieces of evidence—your credentials—when logging in to an account. Credentials fall into three categories: something you know, like a password or PIN, something you have (smartphone), or something you are (fingerprint). Your credentials must come from two different categories to ensure security, so entering two different passwords would not qualify as multi-factor.

Job & Tool Segmentation and Credential Refresh

Say an employee is managing imaging for a customer, but we’d like to move him/her over to work on a customer’s network. To improve security, we create a segmentation of duties and network-access control of passwords. When he/she moves jobs, his/her credentials are refreshed.

Customer Segmentation

Let’s say an IT service provider gives one of their employees access to all of their customer-service sites. Hackers often search the Internet for username and email credentials. They then set up servers and run programs to see if you have a complex password. In some cases, it may only take them a couple of hours to hack credentials. If a hacked account has access to all customers, that’s a huge problem, as the hacker is now able to encrypt all customer data.

This is why at TechCentral, as a national service provider, we have employees that work on Dentrix Enterprise, imaging, solo practices, backup, and server maintenance, and we segment their duties. If one employee’s credentials are compromised, the hacker won’t gain access to our entire installation base of thousands of dental practices. 

Storage Redundancy and Encrypted, Local, Cloud Backup

One of our hardware customers, who is not an IT customer, was recently attacked by crypto-ransomware. In this case, the customer didn’t have historical backup, which surprised me. In fact, all of this customer’s copies were bad. It was apparent that the IT service provider didn’t vet their partners properly and didn’t keep up to date with security measures. At TechCentral, we make sure our customers have backups on the machine, locally on a hard drive, as well as in the cloud, and there’s also a fourth copy that’s stored in another remote location.

Multi-Step Patch Management Approval Process

Microsoft can make mistakes with Windows Updates. Recently, Microsoft released a Windows Update patch that triggered the BitLocker encryption feature within Windows and prevented some practices from accessing their own data. This is why TechCentral uses a multi-step patch management approval process to ensure patches are tested before being released to our customers.

Random Vulnerability Testing and Continuous Process Improvements

We ask a third-party security company to come in monthly and do random testing so we can improve our security features on all fronts. 

As I frequently tell customers concerning their IT, “don’t be complacent and don’t get arrogant.” If you get complacent about IT security, you become lazy. Meanwhile, cybercriminals are becoming more intelligent about who is most vulnerable. Dental practices, as well as their IT service providers, must continue to take precautions and review processes to ensure that their network security can properly defend against these hackers.

That’s exactly why TechCentral developed Omnicore, our all-in-one network infrastructure solution, which provides all essential network hardware and IT services to make sure your office network is always up to date. With Omnicore, you can focus on delivering excellent patient care, without having to worry about your IT solutions.


Learn More

If you’re not certain of where your dental practice IT security stands, give TechCentral a call and get a free assessment. We’re a one-stop IT partner for dentists, able to take care of all your network needs, from upgrading your OS, to replacing old workstations and software, to setting up IT equipment and remotely monitoring it. If your network is at risk, we’ll work with you on an upgrade plan to ensure your practice is protected, sooner rather than later. 

Visit www.henryscheintechcentral.com or call us today at 844.206.1228.


By David Broom

David Broom is Senior Director of Product and Business Development. David has a master’s degree in Information Technology (IT) from the University of Texas in Dallas and has more than 35 years of experience from many global companies, such as Hitachi Vantara, Methode Electronics, and Keane Inc. In his current role, he is responsible for all aspects of the product management and field service teams at Henry Schein TechCentral, which identifies the ideal advanced technologies to meet the unique needs of the dental market and ensure that dental offices are using the right IT to be more efficient and effective.

Originally published in Dental Product Shopper, October 28, 2019

Certain components of the products or services described above are provided by third parties. Henry Schein One and its affiliates are not responsible for, and expressly disclaim, all liability for damages of any kind arising out of the use of those third-party products or services.