Gary Salman, CEO and co-founder of Black Talon Security, explains what recovering from cyberattacks entails and the steps required to ensure...
Small to Medium Sized Dental Groups Need Better Protection from Cyberattacks: Part 1
Why cyber security is no longer just an IT issue—it’s a compliance and operational issue.
DSOPro: Tell us about your background and how Black Talon came about.
I started my career in the early 1990s building practice management software (PMS) for oral maxillofacial surgeons. During my sophomore year of college, my dad, who is a recently retired oral surgeon, said, “Hey, I need some software to manage my business.” We started investigating the systems available and found that there wasn’t anything engineered specifically for the oral surgery space. So, I taught myself to code, my dad basically designed what the software needed to do from a high-level perspective, and I wrote all the code for it. About a year and a half into the process, he showed the program to some colleagues, and they said it would be crazy not to try to sell it because it does exactly what needs to be done for an oral surgeon.
Long story short, we built a very sizable company servicing hundreds of oral maxillofacial practices across the country. In the late ‘90s, I thought, “Why am I selling computers and servers? Why can’t we just try to deploy this thing over the internet?” Next, we built a data center in New York and brought on a couple clients to beta test the cloud technology before we even knew what the word “cloud” was. After about 2 years, we were servicing thousands of oral surgery users across the country with this cloud-based PMS. In 2002, we started to realize how much data we had on these servers—millions of patient files—and that if a hacker got into this environment, we would have a major problem. This was before ransomware or anything like that existed—we were thinking of intrusions into networks, theft of information, things like that.
We started really upping our cybersecurity game and deployed, for that time, state-of-the-art cybersecurity solutions. That was really the conduit for my interest in how to protect this information and prevent anyone from compromising these systems. There was quite a bit of cyber activity going on at the time, although obviously nothing compared to what we see today. People were hooking computers up to the internet left and right and no one was really worrying about protecting them.
I also have 19 years of law enforcement experience and still actively work with a Sheriff’s department here in New York. If you think about what we do at Black Talon on a daily basis, it’s a blend of highly technical things, but we’re also dealing with cyber criminals. Being able to understand the criminal mindset, their tactics and techniques, and apply that knowledge to preventive measures is a very powerful combination. Many companies just focus on helping a business recover using basic tools without really understanding the scope and the depth of cyber criminals. My background in programming, IT, and law enforcement really helps me drive our company in a direction that is more advantageous for our clients.
In 2002, shortly after the deployment of that first system, we sold the company to one of the largest dental imaging and practice management companies and I worked in their dental technology space in a few positions. While in my executive role, I was privy to the technology issues many of our customers faced. Around 2017, I began receiving a lot of phone calls from different types and sizes of practices all over the country that were getting hit with ransomware. They would call us in a state of panic and say, “Our system’s been down for a week! We can’t access our data. What can you do to help?!”
At that point, there was not much I could do. The company wasn’t set up to help with that. There were cybersecurity companies out there in 2017/2018 focusing on the big players, the Fortune 500. But we couldn’t find anyone who was focusing on the small to medium size healthcare market. Even the larger IT companies in the dental space had no idea how to help a client who was hit with ransomware.
So, I started thinking this was something I hadn’t really seen before and maybe it’s a great opportunity to take my experiences and put them to good use. I began speaking to people working on Wall Street in the cyber world and for very large Fortune 500 companies about my idea to start a company that services small to medium sized healthcare entities and helps protect them from cyberattacks.
My partners and I started Black Talon in 2018 with the goal of preventing intrusions and data theft by using some very sophisticated technologies that were typically only available to larger enterprise companies. We leveraged the combined knowledge of our security engineers and leaders to develop very advanced tools to help prevent intrusions. We realized how quickly cyberattacks were growing within the group healthcare practices and specifically DSOs and needed to get ahead of it before these organizations started to fall victim.
DSOPro: Tell us how your law enforcement experience helps.
It gives me a unique insight into the criminal mind. When we’re doing investigations, we deal with a lot of ransomware attacks. Having that investigative type of mind or mindset is very beneficial when you’re trying to figure out the how, who, and where type of a cyberattack.
It doesn’t matter what size business you are, you will eventually be targeted and potentially hit. So, whether you’re a small GP practice or a DSO with 1,000 locations, everyone’s at risk. And it’s across all industries—medical, dental, veterinary, legal, financial, manufacturing. But the hacking community knows the value of striking a healthcare system because it’s a treasure trove of information. There are hundreds of thousands or millions of pieces of personally identifiable information—patients’ first name, last name, date of birth, social security number, address, family members, email addresses. This type of information is highly prized by hackers for multiple reasons, especially identity theft. You basically have a person’s identity when you get into a healthcare record.
The other big reason hackers target the healthcare space is they understand the state and federal laws related to compliance and reporting. If I’m a hacker, I want to guarantee that I get paid, so I’m probably going after a regulated industry like banking or healthcare.
Typically, when a DSO gets hit, their attorneys say, “I understand you have a backup of all your data. But the hackers still have every single patient record. If you fail to pay them, they will publish those on the dark web for sale and you will have a massive compliance nightmare. You may be subject to class action lawsuits and face all the state and federal compliance regulations. Your only option is to pay the ransom to prevent further damage.”
We’ve had hackers actually come back and say, “We now have all of your patient data. We know the HIPAA laws and if you don’t pay, you’ll be in violation of them, so pay us.”
We’ve done hundreds of these cases and have never experienced a case of a ransom being paid and the data being published. Most hacking groups won’t publish because if they do that, everyone will stop paying them. So, as crazy as it sounds, they want to have a positive reputation. They don’t want to be flagged as a group that steals your money and doesn’t follow through. If they’ve committed to erase the data and not sell it, they will do that.
I think one of the big challenges right now in the dental and the medical space is that hackers know they are a “pot of gold.” That’s why we’ve seen such a recent spike in attacks in the DSO space. These data thieves know the volume of patient records in these organizations and know they can cripple operations for 3-4 weeks to ensure they are receiving their payout.
DSOPro: How has hacking affected insurance? Do practices have insurance to cover these class action lawsuits?
Cyber insurance has been around for a while, and usually covers a practice or group for the entire event. They pay the legal fees and a company like ours to help the practice or DSO recover. They pay the ransom demand, and for the downtime, loss of production, reputational damage, and things like that. These policies are pretty comprehensive. What’s starting to happen in the last 12 months, and will continue, is that the premiums have skyrocketed. Carriers have paid out billions of dollars in claims and they are no longer willing to take such high losses. Some of the premiums have gone up two to five times in the last year.
Additionally, the requirements insurance carriers are putting on the dental practices and DSOs from a security perspective have increased dramatically. So, the days of just saying, “Yeah, I have a firewall, antivirus software, and a backup system” are gone. They don’t consider that to be “cybersecurity” anymore. They want to see a lot more advanced technologies in place that will provide better defensive capabilities than what most practices and DSOs are running. They question the practice about what they’re doing for security and how they’re doing it. Are they scanning their computers for vulnerabilities? Are they doing penetration testing? Do they train their teams on the various forms of attacks so if they receive a phishing email, they know not to click on it?
They are also starting to ask questions about the vendors dental groups work with, what type of access they have to the network, and where the data is being stored. Practices can now be breached through a third party, and that’s become another big problem. If they have all their data in the cloud or a PMS hosted somewhere else, those parties can get hit. If they are breached, patient data can be compromised. Under the HIPAA laws, it still points back to the practitioner or the dental group. That’s becoming a major challenge, too.
Another challenge with insurance coverage is that if you are hit and file a claim, you may be uninsurable in the future because carriers are worrying about future class action lawsuits. If your policy is up for renewal after an intrusion, you must disclose that to the carrier, which may not want the risk of owning a multimillion-dollar lawsuit and deny the application.
Many dental groups are not thinking about this. They think they’re okay because they have insurance and expect most of their losses will be covered. Practices getting hit with smaller events are choosing to pay the $20,000 or whatever out of pocket versus risking never being able to get coverage again.
DSOPro: Are patients remaining loyal to DSOs after a hit or are they losing patients because of this?
Some of the bigger DSOs may have done some analysis on patient attrition. But for the specialty practices like endo and oral surgery, when those patients have emergencies and can’t be seen for 2 weeks because the system is locked up with ransomware, they may go somewhere else. Also, I think patient loyalty is not what it used to be for a lot of healthcare providers.
Read Part 2 of this article in the September 2023 Technology edition of DSOPro.
About Gary Salman
Gary Salman is Chief Executive Officer and co-founder of Black Talon Security, LLC. He is dedicated to data security and understanding the latest trends—particularly as they relate to the dental and healthcare industries. He has decades of experience in software development and computer IT, and he also developed one of the very first cloud-based healthcare systems.
Gary lectures nationally on cybersecurity threats and their impact on the healthcare industry. He has trained thousands of dental practices on how to maintain “best practices” in cybersecurity.
Gary also has over 19 years of experience as an instructor at West Point and in law enforcement. He is also a member of InfraGard, a partnership between the FBI and the private sector to share information and intelligence.
Black Talon Security has been called upon to assist with some of the largest distributed ransomware attacks in U.S. history, resulting in millions in ransom payments and tens of millions in damages to the victims. In every instance, all data was recovered and successfully decrypted. Black Talon Security is an expert in preventative measures as well as incident response, ensuring their clients are well-protected against cyberthreats.
Black Talon Security
Black Talon Security is a dedicated cybersecurity company that goes beyond traditional IT measures to protect your DSO against cyberthreats. Simply deploying threat detection and network monitoring tools is not enough to ensure robust security. Making informed, compliance-based security decisions requires more than just technical solutions. Our highly credentialed security engineers lend their expertise to properly assess and address the ongoing risk levels within your business—lessening the potential of a ransomware attack or data breach.