Long story short, we built a very sizable company servicing hundreds of oral maxillofacial practices across the country. In the late ‘90s, I thought, “Why am I selling computers and servers? Why can’t we just try to deploy this thing over the internet?” Next, we built a data center in New York and brought on a couple clients to beta test the cloud technology before we even knew what the word “cloud” was. After about 2 years, we were servicing thousands of oral surgery users across the country with this cloud-based PMS. In 2002, we started to realize how much data we had on these servers—millions of patient files—and that if a hacker got into this environment, we would have a major problem. This was before ransomware or anything like that existed—we were thinking of intrusions into networks, theft of information, things like that.

We started really upping our cybersecurity game and deployed, for that time, state-of-the-art cybersecurity solutions. That was really the conduit for my interest in how to protect this information and prevent anyone from compromising these systems. There was quite a bit of cyber activity going on at the time, although obviously nothing compared to what we see today. People were hooking computers up to the internet left and right and no one was really worrying about protecting them.

I also have 19 years of law enforcement experience and still actively work with a Sheriff’s department here in New York. If you think about what we do at Black Talon on a daily basis, it’s a blend of highly technical things, but we’re also dealing with cyber criminals. Being able to understand the criminal mindset, their tactics and techniques, and apply that knowledge to preventive measures is a very powerful combination. Many companies just focus on helping a business recover using basic tools without really understanding the scope and the depth of cyber criminals. My background in programming, IT, and law enforcement really helps me drive our company in a direction that is more advantageous for our clients.

In 2002, shortly after the deployment of that first system, we sold the company to one of the largest dental imaging and practice management companies and I worked in their dental technology space in a few positions. While in my executive role, I was privy to the technology issues many of our customers faced. Around 2017, I began receiving a lot of phone calls from different types and sizes of practices all over the country that were getting hit with ransomware. They would call us in a state of panic and say, “Our system’s been down for a week! We can’t access our data. What can you do to help?!”

CareCredit is Financing Simplified Revolving line of credit patients can use for their ongoing care needs.   Stable - 35+ years in healthcare financing. Strong - 12.7+ million total open accounts & $40B total available credit of all cardholders.  It’s financing simplified.

At that point, there was not much I could do. The company wasn’t set up to help with that. There were cybersecurity companies out there in 2017/2018 focusing on the big players, the Fortune 500. But we couldn’t find anyone who was focusing on the small to medium size healthcare market. Even the larger IT companies in the dental space had no idea how to help a client who was hit with ransomware.

So, I started thinking this was something I hadn’t really seen before and maybe it’s a great opportunity to take my experiences and put them to good use. I began speaking to people working on Wall Street in the cyber world and for very large Fortune 500 companies about my idea to start a company that services small to medium sized healthcare entities and helps protect them from cyberattacks.

My partners and I started Black Talon in 2018 with the goal of preventing intrusions and data theft by using some very sophisticated technologies that were typically only available to larger enterprise companies. We leveraged the combined knowledge of our security engineers and leaders to develop very advanced tools to help prevent intrusions. We realized how quickly cyberattacks were growing within the group healthcare practices and specifically DSOs and needed to get ahead of it before these organizations started to fall victim.

DSOPro: Tell us how your law enforcement experience helps.

It gives me a unique insight into the criminal mind. When we’re doing investigations, we deal with a lot of ransomware attacks. Having that investigative type of mind or mindset is very beneficial when you’re trying to figure out the how, who, and where type of a cyberattack.

It doesn’t matter what size business you are, you will eventually be targeted and potentially hit. So, whether you’re a small GP practice or a DSO with 1,000 locations, everyone’s at risk. And it’s across all industries—medical, dental, veterinarian, legal, financial, manufacturing. But the hacking community knows the value of striking a healthcare system because it’s a treasure trove of information. There are hundreds of thousands or millions of pieces of personally identifiable information—patients’ first name, last name, date of birth, social security number, address, family members, email addresses. This type of information is highly prized by hackers for multiple reasons, especially identity theft. You basically have a person’s identity when you get into a healthcare record.

The other big reason hackers target the healthcare space is they understand the state and federal laws related to compliance and reporting. If I’m a hacker, I want to guarantee that I get paid, so I’m probably going after a regulated industry like banking or healthcare.

Typically, when a DSO gets hit, their attorneys say, “I understand you have a backup of all your data. But the hackers still have every single patient record. If you fail to pay them, they will publish those on the dark web for sale and you will have a massive compliance nightmare. You may be subject to class action lawsuits and face all the state and federal compliance regulations. Your only option is to pay the ransom to prevent further damage.”

We’ve had hackers actually come back and say, “We now have all of your patient data. We know the HIPAA laws and if you don’t pay, you’ll be in violation of them, so pay us.”

We’ve done hundreds of these cases and have never experienced a case of a ransom being paid and the data being published. Most hacking groups won’t publish because if they do that, everyone will stop paying them. So, as crazy as it sounds, they want to have a positive reputation. They don’t want to be flagged as a group that steals your money and doesn’t follow through. If they’ve committed to erase the data and not sell it, they will do that.

I think one of the big challenges right now in the dental and the medical space is that hackers know they are a “pot of gold.” That’s why we’ve seen such a recent spike in attacks in the DSO space. These data thieves know the volume of patient records in these organizations and know they can cripple operations for 3-4 weeks to ensure they are receiving their payout.

Discover a great ROI with glidewell.io™ After just four months of ownership, offices delivering same-visit BruxZir® crowns with the glidewell.io™ In-Office Solution reported monthly savings of 65% or more. How much could you be saving?

 

DSOPro: How has hacking affected insurance? Do practices have insurance to cover these class action lawsuits?

Cyber insurance has been around for a while, and usually covers a practice or group for the entire event. They pay the legal fees and a company like ours to help the practice or DSO recover. They pay the ransom demand, and for the downtime, loss of production, reputational damage, and things like that. These policies are pretty comprehensive. What’s starting to happen in the last 12 months, and will continue, is that the premiums have skyrocketed. Carriers have paid out billions of dollars in claims and they are no longer willing to take such high losses. Some of the premiums have gone up two to five times in the last year.

Additionally, the requirements insurance carriers are putting on the dental practices and DSOs from a security perspective has increased dramatically. So, the days of just saying, “Yeah, I have a firewall, antivirus software, and a backup system” are gone. They don’t consider that to be “cybersecurity” anymore. They want to see a lot of more advanced technologies in place that will provide better defensive capabilities than what most practices and DSOs are running. They question the practice about what they’re doing for security and how they’re doing it. Are they scanning their computers for vulnerabilities? Are they doing penetration testing? Do they train their teams on the various forms of attacks so if they receive a phishing email, they know not to click on it?

They are also starting to ask questions about the vendors dental groups work with and what type of access they have to the network and where is the data being stored. Practices can now be breached through a third party, and that’s become another big problem. If they have all their data in the cloud or a PMS hosted somewhere else, those parties can get hit. If they are breached, patient data can be compromised. Under the HIPAA laws, it still points back to the practitioner or the dental group. That’s becoming a major challenge, too.

Another challenge with insurance coverage is that if you are hit and file a claim, you may be uninsurable in the future because carriers are worrying about future class action lawsuits. If your policy is up for renewal after an intrusion, you must disclose that to the carrier, which may not want the risk of owning a multimillion-dollar lawsuit and deny the application.

Many dental groups are not thinking about this. They think they’re okay because they have insurance and expect most of their losses will be covered. Practices getting hit with smaller events are choosing to pay the $20,000 or whatever out of pocket versus risking never being able to get coverage again.

SPONSORED

Proven to improve perio management A recent study proved patients using Philips Sonicare DiamondClean Smart with Premium Gum Care brush head after SRP reduced plaque and periodontal inflammation more effectively than those with a manual toothbrush. Learn about helping perio patients.

 
DSOPro: Are patients remaining loyal to DSOs after a hit or are they losing patients because of this?

Some of the bigger DSOs may have done some analysis on patient attrition. But for the specialty practices like endo and oral surgery, when those patients have emergencies and can’t be seen for 2 weeks because the system is locked up with ransomware, they may go somewhere else. Also, I think patient loyalty is not what it used to be for a lot of healthcare providers.

Read Part 2 of this article in the September 2023 Technology edition of DSOPro.