Five years ago, the typical ransomware attack on small practices demanded $5,000. Today the hackers' demands may start at $250,000, says Gary Salman, CEO of Black Talon Security, LLC, with offices in Katonah, NY, and Boca Raton, FL. Even worse, unless a professional cybersecurity firm manages the crisis, the odds are high that the practice will have to close for a couple of weeks for lack of access to its files until the ransom is paid. Otherwise, the patient data will be posted on the "dark web" for other criminals to exploit.
Black Talon, founded in 2017 by Salman, has developed a reputation for being the “new sheriff” in dental practice cybersecurity to explain how to prevent attacks or negotiate with thieves who have stolen patient records. He is best known among dentists for serving as the director of Carestream Dental's U.S. oral and maxillofacial surgery and orthodontics divisions for most of the 15 years he was with the company.
"I come from a long line of oral surgeons, including my dad, a couple of cousins, and a great, great uncle who was one of the first OMS in New York," Salman told MicroDental Laboratories, explaining his early interest. "My original major at Muhlenberg College was pre-med with plans to become an oral surgeon, but I was already a computer nerd. The summer after my freshman year, my dad asked me to develop practice management software for his practice since there was nothing specifically engineered for his specialty. We met with a family friend who worked at IBM, who recommended we work with a database application and try and engineer it ourselves. I saw an opportunity and switched my major to the first class of a B.A. in entrepreneurial studies. I was flying all over the country in my last two years of college, setting up OMS practices with our software, and by the time of graduation, I had 30 clients."
Salman founded OMS COMP to serve his growing client list in the Internet Stone Age of 1991, selling it to PracticeWorks (now Carestream Dental) in 2002. Over the last decade, he began receiving more and more panicked calls from dentists he had known for a long time and had been hit with ransomware. Unfortunately, he had to inform them that his company was not in the cybersecurity business.
"I realized there was going to be a huge and growing opportunity in this space because IT vendors were not doing an adequate job of protecting their customers from these types of hackers," he said. "I began talking to friends at Fortune 500 companies about forming a cybersecurity firm that could close this dangerous gap that was seriously damaging businesses, creating chaos, and leading to patient data being made available online in violation of HIPAA. We now serve a wide variety of healthcare clients, professional services organizations, manufacturers, accountants, robotics companies, and software companies."
Black Talon has done thousands of firewall tests, and he estimates that about 60% of dental practices can be readily breached due to undetected vulnerabilities on the devices. Even at large, their IT vendors and otherwise sophisticated Dental Service Organizations (DSOs) do not recognize how easy it is for hackers to scan their firewalls for vulnerabilities and breach the network. Most practices believe that if they have installed anti-virus software, that is all they need to prevent hacking. They often do not realize that there are many other ways that hackers can gain access to their network.
There is a lot of naivete among small practice owners who think being "in the Cloud" means they don't have data on their computers. Salman says a lot of patient records are stored on x-ray and CT machines, in emails and attachments, on the “front-desk” computers, and hackers can just install screen sharing software that automatically fills in the name and password to log in and browse the history to find whatever they want.
"Too often, if there is a breach, the IT vendor will erase the evidence this happened and tell their client that they will just recover the backups, that it was just a ‘cryptovirus,’ and doing that prevents a forensic team from being able to even communicate with the hackers," Salman explained. "The practice doesn't realize that 75% of the time when a breach has occurred, their patient data has been stolen, and they only find out it is online when a government agency tells them their data is available on the dark web. Too many practices are unaware of the HIPAA regulations and unfortunately find out the hard way."
When IT vendors get involved in remediating the attack, they often tell clients the problem has been fixed and not to worry, hoping word will not get out and that their ability to protect practices won’t be called into question. But how can Black Talon negotiate terms with cybercriminals and trust them to unlock and decode the data after a ransom is paid?
"About five years ago, some hackers were paid and did not return the keys to unlock the encrypted data, but they went out of business because other cybersecurity groups and we started posting notices never to pay them," Salman explained. "Many of these operate like franchises that split the ransom with the provider of the encryption software, so in their industry, there is a need to have a good reputation for cooperating with us. It’s along the same lines of a business getting a bad Yelp review."
Late in 2022, Black Talon began installing automatic self-patching solutions to fix exploitable vulnerabilities. “This patching software is far more sophisticated than what IT providers are doing for their dental clients,” Salman said, “and far more advanced than simply relying on Microsoft or Adobe.” Millions have been put in place to eliminate the risks associated with software and hardware vulnerable to exploitation.
"It will typically take 30 to 45 days for IT companies to remediate the vulnerabilities we detect, which is too long since cybercriminals typically can build exploitation kits within 10 days," he explained. "Hackers are also increasing the speed of their attack. They used to dwell within the system for 3 to 4 weeks. Now, they get in, steal the data and launch their attack within days."
Where will dental practices be going in 2023 and beyond in regard to ransomware?
Salman predicts "autonomous identification and remediation by those who understand they are in a war with a very sophisticated enemy.”
Featuring
As the CEO and co-founder of Black Talon Security, Gary Salman is dedicated to data security and understanding the latest trends in the industry, particularly as they relate to healthcare. He has decades of experience in software development and computer IT and developed one of the first Cloud-based healthcare systems. As a sought-after speaker and writer, Gary also lectures nationally on cybersecurity threats and their impact on the healthcare industry. He has lectured and trained tens of thousands of practices across the U.S. on how to maintain “best practices” in cybersecurity and has been featured in over 70 national publications and news stories in the medical, dental, legal, and financial industries. In addition, Gary has over 17 years as an instructor at West Point and is involved in law enforcement. He is also a member of InfraGard.