Cyber Security Issues in a Dental clinic

  • Posts: 14
1 week 21 hours ago #9824 by Erik Uittien
I would add some other points to consider that may be relevant for dental clinics:


- In some provinces, EMR/EHR have a mandatory certification to be used, and as part of that process, the vendors need to demonstrate yearly Pen-testing of their solution by a cybersecurity firm. This may involve different methods of testing:
  - black box testing, where pentesters don't have access to the system and try to gain information
  - grey box testing, where pentesters know the internal architecture and try to find flaws
  - white box testing, where they have access to the application or infra

- Sometimes specialized instruments are not patched frequently since their certification process would need to be redone each time (this was the case for some laboratory equipment, and because of certifications they were "stuck" with a Windows 95 OS). It's hard to mitigate, except trying to segregate in a subnet.

- DICOM endpoints exposed: see this recent article www.healthcareitnews.com/news/thousands-medical-devices-and-systems-pose-iot-security-risk

- Physical access: sometimes computers are left unsupervised and may permit plugging a USB drive into them, and same thing for ethernet ports. Both methods could be used to gain access to the network. USB drive support should be blocked and unused network ports should not be linked to the main network.

Pen-testing of a vendor's solution and pen-testing of a clinic's access (physical and network) are definitely something that can make them improve their security.


  • Posts: 1
1 week 1 day ago #9823 by Alexander Quaisie
Thank you Foram and Katherine. These are some fascinating insights on cybersecurity in Healthcare that apply to different facets of patient care, especially telemedicine, where patients usually have a portal into their healthcare facility's EHR/EMR systems.


  • Posts: 6
1 week 2 days ago #9814 by Klei Hoxha
Hi Katherine,

Thank you for taking the time to provide your insights to the post.


  • Posts: 2
1 week 3 days ago #9812 by Foram Patel
Thank you Katherine for your response, this information is very helpful.


  • Posts: 9
1 week 3 days ago #9811 by Katherine McMillan
Hello Foram,

The following might be helpful to consider:
- Unpatched systems
- Issues with passwords (ex. reuse, easy to guess, recording, lack of effective password manager, easy to train AI on rainbow tables, etc.) and lack of 2FA
- Monopolization and vendor lock-in (one vulnerability or vulnerable tool is discovered and it brings down the whole stack, ex. CrowdStrike).
- Lack of EDI hiring practices (if you want to create fodder for activism in all its forms, ex. Hacktivism, this is a great way)

Hope that helps


  • Posts: 2
1 week 3 days ago #9810 by Foram Patel
Hello, I am a Health Information Management student working on an assignment related to dental clinics. I need help identifying three key cybersecurity issues in dental clinics. Could anyone please explain how they can be mitigated? Also, what recommendations or guidelines does the CHI cybersecurity community provide to address these concerns? Thanks in advance!
