Salman-Cybersecurity of Patient Records and Protected Health Information-Mr. Salman course video CSPD

Video Transcription

Video Summary

CSPD president Dr. Sheila Derozgar opens the webinar by noting a February in-person Team CE course on medical emergencies, then introduces cybersecurity speaker Gary Salmon, CEO of Black Talent Security.<br /><br />Salmon explains that cybersecurity is risk management and requires people, process, and technology—distinct from general IT support. He shares real dental-industry incidents, including ransomware that entered through a dentist’s home computer and remote-access icon, leading to complete encryption of records and multiweek shutdowns with ransoms around $85,000–$100,000. He describes how ransomware is typically delivered via social engineering (malicious links/attachments) or exploitation of unpatched vulnerabilities in exposed devices. Increasingly, attackers use “double extortion,” stealing data before encrypting it and threatening to publish it on the dark web.<br /><br />Salmon emphasizes that antivirus and standard IT measures often fail, backups are frequently destroyed or incomplete, and typical outages last about 10 days or more. Costs can range from roughly $150,000 for a single-provider office to over $1 million for larger groups, excluding legal/compliance expenses. He warns that cloud systems are not immune and that practices remain responsible for patient data even when hosted by vendors. Cyber insurance premiums are rising sharply and coverage may become harder to obtain.<br /><br />Recommended defenses include independent security risk assessments, continuous vulnerability management, regular human-led penetration testing, endpoint detection/response, threat hunting, cybersecurity awareness training, and phishing simulations. In Q&A, Salmon advises disconnecting internet immediately during an attack, preserving evidence, contacting incident-response experts and insurers, using “air-gapped” rotating external backups, and evaluating third-party vendor security and remote-access risks.

Keywords

dental cybersecurity

ransomware attacks

risk management

social engineering phishing

double extortion

endpoint detection and response (EDR)

vulnerability management

penetration testing

incident response

air-gapped backups

cyber insurance

third-party vendor risk