The day your refrigerator broke the internet

2016 10 27 15 33 56 901 Currier Bryan 400

You, and your patients, probably started Friday, October 21, the same way you do most weekdays. I know I did. I opened my phone to the Starbucks app to place a mobile order. Except I couldn't, because when I clicked my order nothing happened, and the Starbucks app returned an error.

Bryan Currier is the president of Advantage Technologies.Bryan Currier is the president of Advantage Technologies.

So I tried it again -- same response. A little bewildered, I shrugged it off as a problem with my iPhone. I walked into Starbucks, placed my order, and happily went on my way with my drink.

When I got home, I was going to check an Amazon.com order, only to realize I couldn't get into Amazon.com because the website was down. Well that can't be right. Amazon can't be down -- the world stops if Amazon goes down.

What on earth is going on? Turns out, there was nothing wrong with my iPhone, there was nothing wrong with my Starbucks app, there was nothing wrong with Amazon -- there was something wrong with the internet.

Within hours, you, your staff, your patients, seemingly the entire U.S. noticed many websites were down, including Amazon, Netflix, Twitter, Reddit, Spotify, and Starbucks. They were just simply not available.

What happened?

Turns out there was a large-scale, widespread distributed denial-of-service attack. Essentially this is when servers are flooded with millions of fake requests for information; so much so that they are unable to respond to the legitimate requests. They simply lock up and crash under the weight of this attack. Amazon.com was a victim, so was Starbucks, so was Spotify, so was Reddit, and so were about 150 other major sites, which were down anywhere from minutes to hours. We're not aware, at this time, if any major dental sites were victims of this attack.

Other than the fact that it was a minor inconvenience for you and your patients, why should you care? We don't know who did it, but what is more interesting is how it happened.

“Devices such as your imaging devices and intraoral cameras that directly relate to the daily needs of the practice should be protected by the firewall.”

Do you have so-called connected devices in your office or home? Not computers per se but cameras, routers, digital video recorders (DVRs), and other such devices. Maybe you can control the office thermostat through your smartphone.

Previously, in attacks such as this one, we've often found that the origin of the attack is a group of computers that have been taken over by a virus or malware that spits out these fake requests. That is not what happened here.

This was an army of DVRs, routers, cameras, thermostats, and other devices -- benign objects on their own, but together, on this occasion, these seemingly unconnected devices brought down websites over a large portion of the U.S.

All of this was accomplished from a small piece of software that was released on the dark internet. It allowed a hacker to distribute the malicious software to all of these little devices of yours and you had no idea. Why would you? The hardware still worked as it should, your DVR still showed the latest episode of "The Walking Dead" or "NCIS," my heater still turned on, the security cameras still functioned as they should, and no one would know the difference.

So did all of these devices suddenly turn on us, like a scene from "I, Robot"? Not quite. Many times these situations are started with a phishing email. You get an email that looks like it is from your bank or another prominent institution asking you to reset your password. However, it's not really from them, instead when you click on a link in the email, it downloads code to your computer.

In today's Internet of Things, that code now goes to your computer and also to every other device that is on the same network as your computer. As this event demonstrated, this amazing interconnectivity we now have has both pros and cons.

We are in an era in which everything is connected. Cameras, thermostats, DVRs, and even your refrigerator now have the ability to be connected. It's a wonderful convenience and an amazing time to be living in. However, we need to be aware of the risks as well, particularly in businesses such as dental practices with sensitive information.

You are sitting on a treasure trove of protected health information that is covered by HIPAA. So we must be wise about how we embrace the Internet of Things in this environment. Let's talk about some practical steps for your office.

3 key tips

1. Is the juice worth the squeeze?

Do you really need a toaster that will send you a text message when your toast in done in your practice? When you look at smart thermostats and other devices, some of these technologies are valuable and helpful. Sometimes these are features that aren't going to make things better. So, if the juice isn't worth the squeeze, don't bother.

2. If it is worth the risk, how do we limit that risk?

You isolate it. Your thermostat, wireless cameras, and any other smart device should be on the guest network, not your main practice network. This portion of the practice network should be fully segmented from your internal wireless. They should never be on the same network as servers or workstations.

A safe rule is that if it doesn't need to be on your internal Wi-Fi, put it on the guest Wi-Fi. Your security cameras, thermostat, Apple TV, and everything else will function exactly the same.

3. Special considerations for the practice

It is important to note that in dental practices we have certain devices that should be and remain on the internal network. Devices such as your imaging devices and intraoral cameras that directly relate to the daily needs of the practice should be protected by the firewall and the technological securities in place. There is a big difference between a smart thermostat or DVR and your intraoral cameras and Cerec.

These are some steps that will go a long way toward making sure we are smart in a world of the Internet of Things. A connected world is wonderful, but it demands that we be smart about it. As in all technology decisions, especially those dealing in security, be sure to consult with your IT management company. It is there to support and be a resource for you. An extra call to the company, as well as the time and money spent on reducing your risk, is much better than a call from the Office for Civil Rights.

Bryan Currier is the president of Advantage Technologies, an IT company and leading source of technology integration solutions for the dental community.

The comments and observations expressed herein do not necessarily reflect the opinions of DrBicuspid.com, nor should they be construed as an endorsement or admonishment of any particular idea, vendor, or organization.

Page 1 of 546
Next Page