Cybercrime is on the rise, and Black Talon Security provides the services DSOs need to be well prepared and minimize their vulnerability to attack.
Patient Prism’s CEO, Amol Nirgudkar, interviews Gary Salman, CEO of Black Talon Security, during the July 2022 Dykema Definitive DSO Conference in Denver, Colorado.
“DSOs can't ignore cybercrime. When COVID hit, the ransomware went through the roof because criminals exploited weakness. Now, with economic headwinds, we're potentially facing another uphill battle with cyber events.” –Gary Salman, CEO of Black Talon Security
“A lot of us don't think about these threats until something bad happens, and the cost of reacting to something bad is immense. We’ve seen examples this year of dental practices being shut for a month from ransomware,” says Amol Nirgudkar.
Gary Salman reports that in a cyber-attack, operating systems are shut down, computers are damaged, and computers may not reboot properly. Hackers download the system data immediately so they can threaten to leak your data and extort money from you.
“They offload all records—the x-rays, insurance cards, driver's licenses, you name it. And then what they do is they tell the DSO they will leak all their patient data if they don’t pay the ransom. They may leak 10% of the data so the DSO realizes the severity of the problem,” says Salman.
What are the costs of a cyber-attack?
“If the DSOs are not prepared, they are down for weeks. And even some of them that are prepared are down for 10 to 14 business days because it takes time to bring these systems back up, and the reality is that you must rebuild the computers from scratch,” says Salman. “Imagine having to wipe every single computer that's been impacted in your environment. Many DSOs have all their offices connected nowadays. They strike one physical location, and sometimes within hours, every location gets taken down.”
“This is expensive from all angles, loss of revenue, loss of patients, legal fines… It could be in the hundreds of thousands of dollars,” says Nirgudkar.
“It could actually be in the millions of dollars for a DSO,” says Salman.
What does Black Talon Security do to prevent this?
Black Talon starts with a security assessment
Black Talon Security assesses how a DSO operates, its network topology, where the data is stored, and who has access to that data.
“People forget how many systems are connected to patient data,” says Salman. “We have x-ray imaging, diagnostic and treatment records, text messaging, billing systems, insurance claim systems, scheduling, contact information, drivers’ licenses, insurance card information… lots of data, and points of interaction. There is also a third-party risk through vendors.
“If your vendor has a breach, the way HIPAA laws are written, the doctor and DSO still own the breach. So, we start with this security risk assessment, which is also required for HIPAA compliance. And then from there, we start deploying our toolsets. And what we're really doing is we're trying to understand what's called their attack surface.
“If you have a person, maybe even a practice administrator, who is working from home. They're sitting behind a cable modem. Suppose their kid's computer is connected to the same network that the administrator is and that machine gets hit. In that case, the malware moves from the child's machine to that practice administrator's machine, which is connected to VPN, and the malware goes right into the corporate environment.”
Black Talon Security does vulnerability management
“We identify and risk-rank the vulnerabilities. And then we work with either the DSO's internal IT team or external team to close those vulnerable doorways into their network, and we scan their network every four hours to identify entry points that hackers can exploit,” says Salman.
“Black Talon Security has a training platform that educates the doctors and teams on phishing, spear phishing, and other types of ways hackers are using text and email to socially engineer the doctors and employees to give up access to the network.
“In addition to training and vulnerability scanning, we do penetration testing where ethical hackers will try and breach the network. They assume the role of a criminal who doesn’t have passwords and they attempt a breach.”
What do Black Talon Security services cost?
Black Talon Security charges around $200 per month per location of typically 15 to 20 computers. “That’s not costly,” says Salman, “if you look at what you would pay per month for all the compliance, security, and access to our certified security professionals (CSPs), who are credentialed security engineers. For a lot of our DSOs, we provide virtual chief information security officers. Those individuals' salaries are high, and many DSOs don't want to float that kind of salary within their organization.”
Nirgudkar says, “A cybersecurity company keeps your systems running so you can produce and your data safe from HIPAA violation. The costs of a ransomware attack, including the legal penalties that could arise, are much too high for you to assume that your internal IT team has everything under control.”
“We really are specialists in this industry, from a security standpoint,” says Salman.
Black Talon Security experts understand the dental business and DSO space within dentistry. They are familiar with all the different practice management systems and software functions within dental practices. They are currently monitoring 26,000+ computers in the dental industry.
Book a demo with Black Talon Security or call 800-683-3797.
“Hopefully, most of our clients pay attention and whoever else is listening to this video. Just somebody hacking your email is so painful. Somebody hacking your Facebook is so painful. Imagine them hacking your entire network of patients and everything else. Act before it's too late.”
–Amol Nirgudkar, Co-founder & CEO of Patient Prism