Brute Force Attacks: What They Are and How to Protect Your Practice

Brute force techniques are not new to the cyber community, but that doesn’t make it any less important to be diligent and protective, no matter your industry of work. The Federal Bureau of Investigation (FBI), National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) recently released an advisory report detailing activities that occurred between 2019 and now: 

“Malicious cyber actors use brute force techniques to discover valid credentials often through extensive login attempts, sometimes with previously leaked usernames and passwords or by guessing with variations of the most common passwords. While the brute force technique is not new, the GTsSS uniquely leveraged software containers to easily scale its brute force attempts.”

October is Cybersecurity Awareness Month. It’s important that all industries, including oral healthcare organizations, understand the impact of brute force techniques and how to best protect from potential attacks.

What is a brute force attack?

When hackers enter your system or database, they may only make one attempt at a cybersecurity breach. If unsuccessful, most will move on to the next victim. Others will continue attempting to get in until successful. These instances are also referred to as brute force attacks.

By definition, a brute force attack is a type of hacking method that follows a trial and error process, using all potential opportunities to find passwords and other login credentials. It’s a simplified method of hacking, as attackers rely on the computer to do the work for them, constantly using a combination of saved usernames and potential passwords until they find the correct one that allows access to sensitive patient data and information. 

What can a brute force attack do to my practice?

Brute force attacks can happen unexpectedly, but sometimes certain practices and actions by your dental office may be fueling the fire and potential for a data breach. Using computers, in general, could put your practice at risk, but some of the other potential activities that lead to a brute force attack include:

• Opening emails that ask for personal information. A reputable organization will never ask for personal, sensitive information over email. Sharing this information with the wrong person can put all data at risk.

• Clicking on links from unfamiliar sources. Some links are designed to trick you, acting as a virtual key to unlock the door of your data to cyber criminals.

• Conducting business work on public Wi-Fi. Unprotected Wi-Fi is risky because hackers have a better chance of breaching your server. Don’t work online with sensitive information unless you’re using private Wi-Fi.

• Allowing patients to connect to your only Wi-Fi source within your practice. Unfortunately, your safest move to protecting patient information is to trust no one. Don’t let patients connect to your only source of Wi-Fi; rather, provide a secondary source so they don’t have access to the same connection you use to run your practice. 

When a brute force attack occurs, the wellness of your practice and the safety of your patients are immediately put at risk. Here are some of the specific ways a brute force attack can impact your organization:

• Inability to provide proper care. Locked files can mean an inability to access health records and other information that’s necessary for caring for patients. 

• Unexpected expenses. Data breaches can lead to significant expenses - The health industry loses about $13 billion annually to data breaches. These costs come from the money and time it takes to investigate and solve the problem, as well as notifying and protecting individuals whose information was compromised. 

How can I take preventative measures moving forward?

Securing your DPMS from security threats can save the reputation of your organization and keep patient information safe and secure. Data breach awareness is the first step but having a disaster recovery plan ready can prepare you for the worst. Transitioning from on-premise software to the cloud gives you access to additional security and peace of mind that your traditional server can’t provide.