Cybersecurity: Safeguarding Personally Identifiable Information (PII)

Cybersecurity is a hot topic nowadays. With more threats – and more regulations to counter those threats – becoming a reality, it is crucial for businesses (from small to large) to begin planning a cybersecurity program.


Dentists and Physicians are targeted too!

People tend to believe that only large corporations are at risk of breaches, which is not true. Yes, larger companies are targeted more often; however, small businesses and dental and physician offices are more vulnerable because their budget for IT security is smaller or non-existent. In fact, dentists and physicians are increasingly targeted because of the information a hacker can obtain with minimal effort.


As stated in a Dentist iQ article:

Many dentists believe that cyber criminals are not a threat to their small dental offices. However, when choosing between a large corporation or bank with security teams and firewalls, or a dental office with no firewall or security team, a dental practice will become the target. In fact, many hackers specifically target small dental offices because they believe small businesses don’t have the resources for sophisticated security devices and do not enforce employee security policies.


Cyber criminals striking gold

Personally Identifiable Information (PII) is equivalent to gold for cyber criminals. As stated by Medical Economics, “To criminals, your practice’s most valuable asset isn’t a high-tech medical device or a pricey piece of diagnostic equipment. It’s your patient records.” Physicians and dentists maintain plenty of patient records, which contain PII. This information allows cyber criminals to steal patients’ identities. Identity fraud is steadily growing, with 2016 being a record year. According to the 2017 Identity Fraud Study, which was released by Javelin Strategy & Research, $16 billion was stolen from 15.4 million U.S. consumers in 2016.


Better practices

To combat cyber criminals, dental and physician offices need to implement better practices. There should be policies and procedures in place for the protection of patient records. There should also be controls in place to govern the security of applications and of third-party vendors that either maintain or have access to patients’ PII. Examples of areas your IT controls should cover include password complexity, firewall settings, and third-party vendors’ security environments. Lastly, dental and physician offices should consider seeking assistance from third-party advisors to assess their cyber risks.


By Shanee Yelder


Oberman, S. J., Esq. (2015, February 24). Cyber security new necessity for dental practices. Retrieved May 22, 2017, from
Pascual, A., Marchini, K., & Miller, S. (2017, February 01). 2017 Identity Fraud: Securing the Connected Life. Retrieved May 22, 2017, from
Pratt, M. K. (2016, June 25). How cyberattacks can impact physicians. Retrieved May 22, 2017, from