Computer security threats in focus
September 17, 2012
Gaithersburg, Md.—Regardless of the security and protection a dental office has on its computer system, it can still be vulnerable to threats and attacks.
But hopefully, if that ever happens, dentists can be prepared. The National Institute of Standards and Technology has published the final version of Computer Security Incident Handling Guide for managing computer security incidents.
“This revised version encourages incident teams to think of the attack in three ways,” said Tim Grance, co-author. “One is by method—what’s happening and what needs to be fixed. Another is to consider an attack’s impact by measuring how long the system was down, what type of information was stolen and what resources are required to recover from the incident. Finally, share information and coordination methods to help your team and others handle major incidents.”
The guide includes a handful of scenarios that detail various breaches and ways to prepare for or handle them. While geared toward large government agencies or corporations, a number of recommendations can be helpful to small business owners, including dentists. Much of the information can be applied to what dentists need to do to comply with the Health Insurance Portability and Accountability Act Privacy, Security and Breach Notification Rules.
HIPAA does not require medical providers to comply with each one of the recommendations of this guide but the document may be helpful with ongoing security planning. Complete and up-to-date information about these topics can be obtained from The ADA Practical Guide to HIPAA Compliance: Privacy and Security Kit (J594; manual, CD-ROM and update service through 2013) by calling 1.800.947.4746.
The NIST Computer Security Incident Handling Guide can be found at
Computer security threats in focus (PDF).