The recent hacking incident at Henry Schein has left many in the dental industry feeling uncertain and concerned. While the full extent of the breach remains unclear, the fact that, as of today, October 24th, their website has been offline for more than a week is alarming. Henry Schein has stated they are actively investigating the matter, and it’s unclear what data and information has been compromised. Though we await further details, it’s crucial to act now to safeguard your practice and personal information. Here are some protective measures you can take:
Be Vigilant Against Phishing:
Alert your team about the Henry Schein hack and urge them to be vigilant against suspicious emails, particularly those asking for sensitive details. Hackers, after infiltrating a vendor, may access data such as order histories, contact points, or even just the knowledge that you’re a Henry Schein customer. Such information can be exploited to send phishing emails, calls, and texts targeting your practice.
To safeguard against phishing attempts, adopt the following best practices:
- Double-Check Sender Details: Before taking any action, always verify the sender’s email address. Some phishing attempts use addresses that look almost identical to the legitimate one, with small discrepancies.
- Avoid Clicking on Unsolicited Links: If an email contains unexpected links or attachments, avoid opening them. Instead, contact your Henry Schein rep directly using verified contact details.
- Use Spam Filters: Talk to your IT company to ensure your email system uses robust spam filters to catch and quarantine suspicious emails.
- Verify Requests: If you receive an email requesting sensitive information or payment, always verify the request by contacting the requesting party through an independent, verified method before acting.
Remind your team to scrutinize emails, especially those appearing to be from Henry Schein, that request payments, gift cards, or confidential information.
Change and Strengthen Passwords:
Update any potentially compromised passwords that you used in Henry Schein systems. If you’ve reused these passwords on other sites, change them there as well. Encourage your team and anyone who might be affected to do the same. As an added security measure, activate Multi-Factor Authentication (MFA) where possible. MFA is a security protocol that requires users to provide two or more verification methods before accessing an account. This means that even if hackers obtain your password, they’d still need another form of verification—like a texted authentication code — to gain access. It’s a robust way to protect your accounts, even in the face of successful phishing attempts or password breaches.
When changing your passwords, it’s crucial to prioritize security and diversity. Avoid using obvious choices like ‘password123’ or personal details like the practice name. Instead, opt for a mix of upper and lower case letters, numbers, and symbols to increase complexity. A longer password, ideally 12 characters or more, adds another layer of defense and makes it harder for hackers to guess your password. Always use unique passwords for each site; this ensures that even if one gets compromised, your other accounts remain safe. Juggling multiple intricate passwords can be daunting, that’s where password managers like 1Password or Dashlane come in handy. These tools not only generate strong passwords for you but also securely store them. By remembering just one robust password for the manager, you gain access to all your credentials without compromising on security.
Guard Against Identity and Financial Fraud:
After a hack, attackers may have access to a treasure trove of personal and financial information. With these details, they could impersonate you, open new credit lines in your name, or make unauthorized purchases.
- Regularly Monitor Your Accounts: Check bank and credit card statements frequently for unauthorized transactions. Quick detection can help in limiting damage.
- Replace Your Credit and Debit Cards: Given the uncertainty around the potential exposure of payment details, it might be prudent to replace your credit or debit cards. It’s a simple precaution, and most banks make the process straightforward for added security.
- Consider Credit Freezes: A credit freeze limits access to your credit report, preventing identity thieves from opening accounts in your name. Ensure you request a freeze with all three major credit bureaus. Remember, while it doesn’t affect your credit score, you might need to temporarily lift it for certain transactions, like applying for a loan. It’s free and adds an essential layer of protection.
- Set Up Account Alerts: Many financial institutions offer transaction alerts that notify you when there’s activity on your account. These can be instrumental in catching unauthorized activities quickly.
- Review Your Credit Reports: In the coming weeks obtain and carefully review credit reports for any suspicious activity.
- If In Doubt, Act: If you believe your credit or debit card details were possibly accessed during the breach, contact your bank immediately and cancel or freeze your accounts.
Remember, staying vigilant and proactive is the key to guarding against identity and financial fraud, especially in the aftermath of a security breach.
Update Your Software and Systems:
It’s crucial to keep all your devices, applications, antivirus software, security systems, and especially web browsers up-to-date. Those seemingly pesky updates, like the Windows ones, are designed to shield you from threats. A large portion of cyberattacks exploit known system vulnerabilities that updates could prevent. Following a significant breach like the Henry Schein hack, it’s also wise to consult with your IT company. Ask them to implement additional precautions and bolster monitoring. With your practice potentially in hackers’ crosshairs in the coming weeks, reinforcing defenses becomes even more essential. After all, you hold sensitive patient information, and it’s paramount to safeguard that data.
While the situation at Henry Schein unfolds, it’s a timely reminder of the importance of cybersecurity. Take these steps to protect your practice and stay informed as more details emerge.