
Additional Resources

Healthcare and dental industry-specific resources:

 

Basic security information and updates on potential threats:

 

Anti-virus software testing labs:

 

Security software & product reviews:

 

Security news:

 

Finding a suitable security expert:

  • Numerous certifications exist. Here are a few well-regarded ones:
    • CISSP – Certified Information Systems Security Professional (governed by not-for-profit ISC2 – International Information Systems Security Certification Consortium)
    • HCISPP – Healthcare Information Security and Privacy Practitioner (governed by ISC2)
    • CRISC – Certified in Risk and Information Systems Control (governed by ISACA, formerly known as the Information Systems Audit and Control Association)
    • CISM – Certified Information Security Manager (governed by ISACA)
    • CISA – Certified Information Systems Auditor (governed by ISACA)
    • CEH – Certified Ethical Hacker (governed by International Council of Electronic Commerce Consultants [EC-Council])