Tag: patient confidentiality

  • When a data breach leads to jail time for an ex-CEO, and why you should take data security seriously in 2023

    We’ve seen plenty of examples of extreme monetary penalties resulting from data breaches, but this is the first time we’ve seen anyone actually being jailed for one.

    Vastaamo was a Finnish psychotherapy provider founded in 2008. While it was a sub-contractor under the government, Vastaamo, like many healthcare-related businesses, was the subject of data breach attempts, with two additional successful attempts occurring in 2018 and 2019. The company failed to report these attempts.

    The ex-CEO, Ville Tapio, did report the 2020 breach to authorities after all of the company’s patient data was stolen by cyber criminals. The criminals asked for €450,000 (about $0.5 million in US dollars at the time of writing) and, when that was unsuccessful, demanded €200 from each patient of the clinic whose records they held. They warned this fee would increase to €500 each if the clinic did not pay within 24 hours.

    They warned the patients that after 48 hours with no payment they would be doxxed. Doxxing is when your private details are leaked online (this can include your payment information but also things like your address). In this case they were even willing to leak client session records and notes. They leaked the details of 300 patients, which included politicians and police officers. A 10 GB file containing the patient notes for over 2000 patients was also found on the dark web following the hack.

    While the clinic, Vastaamo, was a victim in this case, authorities still looked at the overall picture when making the decision to charge ex-CEO Ville Tapio, including the previous breaches and the fact that he had insider knowledge of the company’s cybersecurity coverage (or lack thereof). He received a 3-month suspended sentence, and the company itself had to file for bankruptcy and eventually went under.

    The severity of the breach and the company’s lack of accountability when it came to cybersecurity protections made it run afoul of the GDPR (General Data Protection Regulation), which is Europe’s regulation on data protection and privacy for its citizens.

    If you’re a US-based company owner, it’s not a good idea to think “Well, nothing like this could happen here”. California recently passed the CCPA (California Consumer Privacy Act), which gives customers more say over the data your business collects on them. If your business has contracts with the DoD (Department of Defense), you’re probably already seeing stricter restrictions and regulations for how your business must be cybersecurity compliant to keep doing business with the government via CMMC (Cybersecurity Maturity Model Certification). HIPAA is old news for medical practitioners, but we still find many that are not compliant with the regulations.

    Suffice it to say there can be blowback that extends beyond financial penalties and injuries to your business’s reputation. Small steps in protecting the data within your business can make a huge difference in the outcome you have (whether it be avoiding an attack altogether or making for an easier recovery).

    If you need help creating or developing a more robust cybersecurity gameplan, Valley Techlogic is the one you’re looking for. Cybersecurity is our number one concern, and we take implementing cyber prevention measures for our clients very seriously. If you would like a consultation to learn more, just visit here to get started.

    This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • Bridging the technical gap, how technology can bring your dental practice into the future

    Dental practitioners are not technology novices; new technologies emerge all the time that help patients care for their teeth and advance restoration processes to combat the effects of tooth decay (just look at the use of lasers for repairing cavities).

    However, we see all the time that our clients who own dental practices are still stuck in the past when it comes to the rest of their technology.

    If you’re a dentist, ask yourself if any of the following are true:

    1. Patient records aren’t as organized as you’d like them to be. You’re either still using the old tried and true (and also slow and cluttered) filing cabinet method, or you made the digital leap but don’t have a system for protecting confidentiality. Did you know dentists can also be subject to HIPAA rules?
    2. You have an office server but it’s ancient, well past the 5-year recommended life span for a server and running a copy of Windows Server that’s no longer supported by Microsoft. Anything older than Windows Server 2019 is subject to the downsides of no longer being a supported operating system (including increased cybersecurity risks).
    3. Your own system and/or your employees’ workstations are sluggish. You often hear your office assistants tell patients “Sorry, this system is just so slow!” as they’re trying to check them out after a procedure or cleaning. This is frustrating for your employees and your patients.

    It doesn’t have to be this way. We know as a dental office owner you’re no stranger to bringing on new technologies that can improve the way you do business. Making investments in the technology you use will make your dental practice more efficient, improve the safety of your clients’ records (protecting you from liability), and help you accomplish goals you may have for growing your dental practice.

    Unlike the tools you use to practice your trade, you may be a little unsure where to start. Your clients come to you for your expertise in helping them protect their teeth because you’re a trusted expert. So why wouldn’t you reach out to an expert yourself as you navigate these investments in your business?

    The move from more analogue methods, such as the trusted filing cabinet system, may be intimidating, but think of the time it will save pulling up client records and the space you will reclaim in your office.

    New servers and workstations are large investments, but the downtime that occurs when these methods just fail (and they will) is substantial. Can you afford to be potentially stuck for weeks or even months if your office server that houses everything about your business suddenly goes kaput?

    We don’t want to sound gloom and doom, but help is out there to make informed choices about these issues before they become a problem.

    Valley Techlogic can help your dental practice; we have experience with the intricacies of your business and the concerns dental providers have when addressing these complex topics.

    We can help you bring your business into compliance with HIPAA, so as you grow your business your patients can feel confident their private information is protected at your practice. Below is a chart with some HIPAA rules specifically for dentists:

    [Chart: Dentists need to follow HIPAA too]

    If you’d like to learn more about how Valley Techlogic can be a partner in technology for your dental practice, schedule a free consultation today.
