In this episode of Beyond Bitewings, Lynn sits down with Duane Gallup from Vital Technology Group, a specialist in dental cyber security. Duane shares insights into the evolution of their company from a Managed Service Provider (MSP) to a Managed Security Service Provider (MSSP), focusing heavily on security issues within dental practices. The discussion highlights several misconceptions in the dental industry about cyber security and stresses the importance of having robust systems and professional oversight.
Lynn and Duane cover crucial elements of cyber security such as the importance of secure DNS, backup systems, phishing prevention, and compliance with HIPAA and PCI regulations. They also share anecdotes about real-world security risks and the impact of compromised systems on dental practices. Duane emphasizes the need for dental practices to use professional IT services rather than relying on DIY methods while detailing the range of products and services his company offers to help mitigate these risks.
For more information about Duane, visit: https://vtgtx.com/
If you have specific questions about embezzlement or if you'd like to have another question answered on a future podcast, please reach out to the Edwards & Associates team. (https://www.EandAssociates.com)
Key Topics Discussed:
Welcome to Beyond by Wings, the business side of dentistry, brought to you by Edwards and Associates, PC. Join us as we discuss how to build your dental practice, optimize your income, and plan for your future. This podcast is distributed with the understanding that Edwards and Associates PC is not rendering legal, accounting, or professional advice. Listeners should consult with their business advisors before acting on any of the information that is shared. At Edwards and Associates, PC, our business is the business of dentistry. For help or more information, visit our website at eandassociates.com.
Lynn Ledbetter [:Hello, and welcome to another episode of Beyond Bitewings. I am Lynn Ledbetter taking over for a moment for Ash, who is right now at the dental show, and he's out mingling because that's what he likes to do. And I'm here talking about cyber security, which is something I would much rather do than than mingle. So this works out for us. And I have a guest with me. His name is Dwayne Gallup. And, Dwayne, tell us a little bit about yourself and your company, and and just
Duane Gallup [:kinda what you do. Hi, Lynn. Okay. So I am with Vital Technology Group. It is a company I started in 2013. We are dental specific.
Lynn Ledbetter [:Okay.
Duane Gallup [:And we started out as an MSP, a managed service provider.
Lynn Ledbetter [:Okay.
Duane Gallup [:And providing, you know, support services and installation services for computers, and we have grown into an MSSP, a managed security service provider.
Lynn Ledbetter [:Okay.
Duane Gallup [:And, what we're what we deal with today in 2024 is more security issues than we do maintenance issues.
Lynn Ledbetter [:I am not surprised about that at all.
Duane Gallup [:You know, catfishing is is I've got it. Well, I'm not wearing the shirt today. Tomorrow, I wear the Gone Fishing shirt.
Lynn Ledbetter [:I love it. I like your shirt today too.
Duane Gallup [:Well, thank you. Thank you. Yes.
Lynn Ledbetter [:Today, his t shirt says ethical hacker. It's great.
Duane Gallup [:And and at the bottom, your your password's too short. So I changed it for you. So, yeah. We're we're all about trying to to to secure everybody from the just the onset of security issues that that our computers have opened the door to.
Lynn Ledbetter [:Is is this because everything is cloud based now or because there's so many email spams coming in or what do you see as the biggest kind of threat and weakness?
Duane Gallup [:Well, you know, the it doesn't matter if you're cloud or premise based
Lynn Ledbetter [:Okay.
Duane Gallup [:On your software. Security comes in many different factors or forms. The biggest problem today I mean, everybody has antivirus. If they don't, I don't I don't know what they're thinking, but Right. Everybody's got antivirus. Everybody probably has or should have backups. So, they've got some protection. They got 2 layers there.
Duane Gallup [:We go a bit further and we'll we'll promote, secure DNS. You need secure DNS, and DNS is like a phone book for computers.
Lynn Ledbetter [:Okay.
Duane Gallup [:So, when you say I wanna go to google.com, your computer doesn't know where Google is. It it it does a DNS search.
Lynn Ledbetter [:Okay. So it
Duane Gallup [:checks the phone book and then it knows where to find it. It's an open book. You you get a free book with every m s or m every ISP.
Lynn Ledbetter [:K.
Duane Gallup [:So your internet provider gives you a free phone book.
Lynn Ledbetter [:Got it.
Duane Gallup [:But their phone book will take you to bad places.
Lynn Ledbetter [:K.
Duane Gallup [:Dirty neighborhoods, bad neighborhoods. Okay. Scary neighborhoods.
Lynn Ledbetter [:Wrong side of the track kind of place.
Duane Gallup [:Wrong. It'll take you anywhere. So their DNS service is fine, but it it it can be dangerous. So what we do is we'll take and put people on a secure DNS. That DNS, that secure DNS you pay for it, but it prevents you from going to places you don't wanna go.
Lynn Ledbetter [:Because correct me if I'm wrong, but most of the security issues are are are instigated by the user accidentally. Right?
Duane Gallup [:Absolutely. Okay. Absolutely. And and that's kinda where I was going with everyone has backup, everyone has antivirus, but the biggest way into your network is through a a user.
Lynn Ledbetter [:Okay.
Duane Gallup [:Is the user can bypass every tool you have put in place, your firewalls, your your DNS. You it can they can get past it. I I had a customer. Funny thing. I was I was picking up my son from the airport for his wedding and literally was driving around the neighborhood or around the airport. Airport I wasn't familiar with in Vegas and I'm getting text from this doctor and he's saying, hey, I got this QuickBooks problem and I'm a, you know, I got this QuickBooks engineer and he's wanting me to put in a code Mhmm. To give him access. And and so I'm I'm having to have my wife text him because I'm driving.
Duane Gallup [:I don't know where I'm at at this airport. And she and she's reading it to me and I said tell him no. Tell him stop. Right. Wait. Did he initiate the service call?
Lynn Ledbetter [:That's the biggest question.
Duane Gallup [:And he didn't initiate it. No. He got a text. It didn't even come from the computer. Yeah. He got a text that made him think he needed to give somebody access
Lynn Ledbetter [:to this. I've seen it. I've seen it.
Duane Gallup [:So, you know, and I've been catfished, myself, and and it's embarrassing as as the owner of a security company. But, I was having trouble with QuickBooks. And, and it was a payroll problem and I needed payroll help. And, I go to their website within their product.
Lynn Ledbetter [:Okay.
Duane Gallup [:They give me a number to call and I'm thinking I'm talking Intuit, but I'm not. I'm talking to an Intuit partner. Wow.
Lynn Ledbetter [:Okay. That is scary.
Duane Gallup [:Yeah. And it was a legitimate partner. Okay. But they ended up selling me payroll services for 3 times where QuickBooks Intuit sold me.
Lynn Ledbetter [:Okay.
Duane Gallup [:And and to this day, they call every anniversary and attempt to get my credit card number and they're basically listed as a CPA. Wow. So, the the billing was coming from Florida and and that was my own catfish experience. I had to then transition back to Intuit instead of going through that that CPA. Right. But, it was misleading. The whole thing was misleading. Exactly.
Duane Gallup [:And and I was lucky. I've had customers call me going, okay. I just fell for this. I'm like, why didn't you call me first? I know. I know. Anyway, I get the call and I had I was logged in to Google And I I used Google password manager. And they saw me log in to Google. So now, they can log in to Google as me.
Duane Gallup [:They don't even have to be on her computer. They can go through her password manager and and have access to her Amazon
Lynn Ledbetter [:That's so scary.
Duane Gallup [:Bank, to everything.
Lynn Ledbetter [:Yeah.
Duane Gallup [:And I and she had 40 or so passwords that she changed only to realize, initially we didn't know they they knew her password into Google. She didn't change her password to Google. The next day she had to change it again. So, we offer a variety of different services to help associations, organizations deal with, these risks. Security DNS is one of them. We offer phishing. It says ethical hacker.
Lynn Ledbetter [:Yes.
Duane Gallup [:We will phishing you and your employees.
Lynn Ledbetter [:Okay. I love that feature. Yeah. Yeah.
Duane Gallup [:And and and I've been bit by my own fishing.
Lynn Ledbetter [:Oh, no.
Duane Gallup [:Okay. We target it based off your role Okay. In the organization. Okay. Well, my CTO, our technology officer, he knows I my primary role is chief financial officer. Well, I had happened to let an employee go and I'd been on Amazon killing his credentials on, so he couldn't buy under our organization Right. And wouldn't you know I got an email from I thought it was from Amazon, but it I just been there. So I didn't verify.
Duane Gallup [:I didn't go through the process. I thought I had made a mistake and and I got catfished. I had the secure DNS so I didn't get to go where it was gonna go.
Lynn Ledbetter [:Okay. So there were So safe guards in place.
Duane Gallup [:Safe guards in place. Okay. So it came up and said, hey, we're blocking this site.
Lynn Ledbetter [:Yes. Thankfully.
Duane Gallup [:And then I get a phone call from my CTO going Yeah. Gotcha.
Lynn Ledbetter [:Yeah.
Duane Gallup [:Now you need to go through training.
Lynn Ledbetter [:But that is great because people don't realize how vulnerable they are or their staff is because They're all wrong. It all looks so legitimate.
Duane Gallup [:Yeah. They they are today's malware or today's ransomware, let's go there. Today's ransomware isn't the ransomware 5 years ago or 10 years ago. It used to be just very random. Okay. Okay? But today's ransomware is is very pointed. They know who they are going after. And so, they start fishing you to get access or to get you to to to click a link.
Duane Gallup [:And a link can be it can be malicious. It can it can pull a virus or malware into the system. You know, malware isn't detected by antivirus.
Lynn Ledbetter [:Okay.
Duane Gallup [:So, malware doesn't replicate. So, antivirus doesn't pick up on it. It just thinks it's another program. But malware can give people information that you don't want them to have. Right. It can give them access.
Lynn Ledbetter [:And that seems like a a special risk because dentists, you know, are subject to HIPAA laws and things like that, and they can't allow patient information out there. That's a violation. And so that seems like a real risk for dentists to Absolutely. Allow those kinds of programs. And, I mean, it is for any business as far as financially and but it's an extra layer that the dentist has to be aware
Duane Gallup [:of. Absolutely. And, you know, we're big in the HIPAA space and the PCI PCI compliancy. Yes. Oh my god.
Lynn Ledbetter [:Yeah. Yeah.
Duane Gallup [:That has outgrown HIPAA Yeah.
Lynn Ledbetter [:It has.
Duane Gallup [:By tenfold. It's unbelievable. So, we have tools and procedures. We do we help with PCI and HIPAA audits annually, you know Mhmm. Compliance. But, it it is a problem. We've got a product called EDR and I'm I'm gonna I always get the first, but it's basically, a response. It's auditing in response of Okay.
Duane Gallup [:Of everything that's happening in your computer. And, I struggled to sell it. It's a 3 dollar a month product.
Lynn Ledbetter [:Okay? Okay.
Duane Gallup [:And I struggle to sell it because it's big brother adds security operation center to it. We have live people watching these Oh, wow. Okay. Audit that's always going on Okay. On your computer. And so, you get alerted to then immediate threat and they they can lock Wow. Your computer down. So, if you're starting to get a ransomware, if they see encryption taking place
Lynn Ledbetter [:Right.
Duane Gallup [:They can stop it and say, hey, are we reversing from this? You know, it it has that extra tool. So that's an easy tool to sell Mhmm. Even though it's pricey per compared to the $3 tool to $20 tool. Okay. And so, I've struggled with how to sell the $3 tool because everyone's gonna say, well, gee, if it's making these reports, why aren't y'all reading them? Well No. We will for $20. Right. Right.
Duane Gallup [:You know, why gotta have to
Lynn Ledbetter [:Oh, I mean, that takes a lot of
Duane Gallup [:You know, it takes a lot
Lynn Ledbetter [:of manpower. Sure. Yeah. But
Duane Gallup [:then the other day, about 3 weeks ago, I had a client, his office got physically broke into.
Lynn Ledbetter [:Okay.
Duane Gallup [:And they destroyed everything. They got into the server Wow. Closet. And and so now, he came to us going, oh, jeez. Do I need do did I have a PCI violation? Did I have Right. A HIPAA violation? Is there a data breach I need to now alert all my patients to?
Lynn Ledbetter [:Right.
Duane Gallup [:And I said, well, you know what? You got the EDR. I'm I'm I'm starting to have a light bulbs go off. This is how I can sell this product.
Lynn Ledbetter [:Okay.
Duane Gallup [:You've got the EDR. Let's look at the logs. His x his computers, none of his computers, his server, nothing was accessed over the weekend. Okay. We could verify what does that there was 0 log in attempts even. They didn't even attempt. So we were able to tell him for that $3, you don't have to follow the procedure for a net data breach.
Lynn Ledbetter [:Right.
Duane Gallup [:Whereas if you don't take
Lynn Ledbetter [:the deal That's right. You wouldn't know.
Duane Gallup [:You have to on the side of caution.
Lynn Ledbetter [:Exactly. Exactly. Well, and I think that too many dentists don't realize how cumbersome it is to keep to keep the compliance and to do everything that needs to be done and they try to kinda just tackle it themselves when they just don't have the ability or time to dot every I and cross every t themselves. So I it makes me nervous when they're not outsourcing that piece and having someone oversee their compliance level.
Duane Gallup [:Compliancy is a thing all its own. It is one of the products we sell. But I have I I I I don't I don't try to sell it and be an end all. I wanna work on the IT side. There are companies that do nothing, but compliance Okay. That I partner with.
Lynn Ledbetter [:Oh, okay.
Duane Gallup [:When it comes to compliance and Dwayne Tinker. I don't know if you've you're familiar with Tank.
Lynn Ledbetter [:Not yet. Is
Duane Gallup [:his his company, he's the he calls himself the HIPAA police. He was actually a HIPAA police officer. And now, he I would do events with him and and work with him. But, you know, it's I have customers call me often saying, you know, we've we've shifted here to compliance. But saying, you know, hey, I need help answering these these twelve questions for my HIPAA compliance or my PCI compliance. And I'm like, okay. Here's the problem. You want me to help you and do this as, you know, part of my basic services.
Duane Gallup [:But, those 12 questions, it takes me answering 771 questions to be able to answer those 12.
Lynn Ledbetter [:Right. Yeah. It's hard to know all that in the Yeah. Background
Duane Gallup [:too. And and so, I have that service. I have that product Yeah. That capability. But some customers are buying it from other sources, you know. So, we're, you know, if if they're buying it from another source, they don't wanna duplicate it with me. But I I'll tell them, you know, for a rate, we will help you walk through all this. Sure.
Duane Gallup [:And it's really the toughest the first time because the next year, you're only dealing with what has changed in the wall. Right. If your procedures stay the same and or you follow the procedures. And the problem unfortunately in the dental world is everyone's hot coming home from a convention. They're hot for 6 weeks.
Lynn Ledbetter [:Mhmm.
Duane Gallup [:And then business takes over. Yeah. Life gets back to you. They don't think about it again for a year.
Lynn Ledbetter [:So if we talk about hacking, what do you think is the biggest pitfall or or what advice would you give or, where do they go wrong and where can they go right?
Duane Gallup [:We well, you know, I've the the dental industry is full of a lot of DIY, do it yourself computer guys. Yep. Or they'll have, you know, their kid's friend from high school help. And that's that's probably the biggest error.
Lynn Ledbetter [:Okay.
Duane Gallup [:Because you don't know what you don't know.
Lynn Ledbetter [:That's very true.
Duane Gallup [:You know, I mean, I can I can screw a wood screw in, but does that mean I can set an implant?
Lynn Ledbetter [:Right.
Duane Gallup [:Yeah. So, the best thing you can do is call somebody like Vital Technology Group or or another IT company that that knows your industry and and ask them what do you
Lynn Ledbetter [:offer? Okay.
Duane Gallup [:Why do you offer it? That's probably the biggest question. Okay. Why do you offer it? I do IT services for DIY doctors Okay. That don't want our managed services.
Lynn Ledbetter [:Okay.
Duane Gallup [:But they want our security services. Okay. So, you know, they don't have to buy everything in my menu. I I I literally present them a menu.
Lynn Ledbetter [:Right.
Duane Gallup [:Kinda like going to a restaurant. Right.
Lynn Ledbetter [:And here's the value of this and here's the value of this.
Duane Gallup [:Here's this, this. Where do you need help? Right. Because you may have your HIPAA and your compliance secure there.
Lynn Ledbetter [:That's true.
Duane Gallup [:You may think you have your security here, but if you let me come in and look at it all, I'll tell you what you really need, not just from me, but this is what you need.
Lynn Ledbetter [:Right. This is the piece that you're missing. Yeah.
Duane Gallup [:Yeah. This is this is what you need. It's about taking care of the client. I'm I'm a 3rd generation, or I'm in the middle of a 3rd generation dental family.
Lynn Ledbetter [:Okay.
Duane Gallup [:Okay. My dad was an orthodontist. He taught locally here at A&M back when it was Baylor.
Lynn Ledbetter [:Wow.
Duane Gallup [:And I my brother and sister-in-law are both dentists.
Lynn Ledbetter [:Okay.
Duane Gallup [:And now my niece.
Lynn Ledbetter [:You're surrounded by them?
Duane Gallup [:I'm surrounded by them. I've been in this I've been in this space since the nineties. And security is my number one concern today.
Lynn Ledbetter [:Yeah.
Duane Gallup [:So what what I do with a customer when it comes to securing you for not just compliance. Okay. So talking about hacking
Lynn Ledbetter [:Mhmm.
Duane Gallup [:PCI covers a lot of that.
Lynn Ledbetter [:Okay.
Duane Gallup [:H, HIPAA covers a lot of that. If you're PCI and you're HIPAA compliant, you're probably fine on the on the security side.
Lynn Ledbetter [:Okay.
Duane Gallup [:Because they have that request. And my cyber security suites that I sell are all based on what they require.
Lynn Ledbetter [:Oh, okay.
Duane Gallup [:Okay? And and or what insurance, cyber insurance Yes. Requires. Yeah.
Lynn Ledbetter [:That's right.
Duane Gallup [:Which I had a customer ask say to me, he says, that exist.
Lynn Ledbetter [:Oh, yes. He asked me to just
Duane Gallup [:ask you
Lynn Ledbetter [:to have it. If you don't have it, you need to look into it.
Duane Gallup [:So, yeah. And so, we have actually an agreement with the insurance company. If they have our stat, they will discount, the insurance company will discount their services and they don't make you go through the 100 questionnaire.
Lynn Ledbetter [:Good. Because Because you
Duane Gallup [:guys we did
Lynn Ledbetter [:that and it was a huge, you know, time Oh, absolutely. With our IT guy and our staff. I mean, it was a huge undertaking.
Duane Gallup [:So you can you can buy our Very familiar. You can buy our security suite And it was as a whole and that insurance company will come in, they'll quote you, they don't even they don't even question you.
Lynn Ledbetter [:Because they know that you've got the things in place to help
Duane Gallup [:protect Absolutely.
Lynn Ledbetter [:Their investment policy.
Duane Gallup [:That's right. That's right. And that's why we offer what we offer on our on our
Lynn Ledbetter [:security side. That's
Duane Gallup [:great to know. Yeah. And and it's just trying to have one give you one place. So, you know, we we know your dental software. We know the Dentrix, the Carestream products, the Patterson products. We know everybody's software out there, Open Dental. So, you know, that that side we whipped ages ago. And the security stuff, we're going to training twice a year.
Duane Gallup [:And, and every time there's something new.
Lynn Ledbetter [:Yeah.
Duane Gallup [:Every time I come home with a new tool in my pocket that now I need to go sell because, doggone it, there's a new there's a new vulnerability.
Lynn Ledbetter [:Yeah. It's crazy.
Duane Gallup [:So, you know, where does it end? I don't know. But I what I do know is it doesn't always add to increased cost.
Lynn Ledbetter [:Mhmm.
Duane Gallup [:What I'm seeing with, the vendors and and and and our product as well as the risk, you know, as some of the older risk, they're still there, but they're they're contained.
Lynn Ledbetter [:Okay.
Duane Gallup [:If you will. Okay. It's like a like a tumor that's been contained. It's still a little risk. We we've got it taken care of, but we don't wanna let go of the tool that keeps that Right. Thing. But that tool becomes less valuable. Okay.
Duane Gallup [:So, what happens over time is some of these tools that were really hot 5 years ago are not so hot and they're getting combined and they're getting acquired by bigger companies. And so, we're seeing some of the older stuff combine in into smaller cheap less expensive packages. So, yeah. I'm always coming home with something new that's pretty shiny and fancy, and it does something that that protects us from some area of of vulnerability we didn't ever know we had. But, at the same time, we're also consolidating old tools.
Lynn Ledbetter [:Okay.
Duane Gallup [:So that the cost aren't always going up. Right. You know.
Lynn Ledbetter [:Okay. Great. Well, this has been so helpful. Great information. It was really great of you to to take time from your booth and come talk to us at the show. It's been so much fun.
Duane Gallup [:Thanks for having me.
Lynn Ledbetter [:And so if people wanna find you, I assume you're on the web, what would they do?
Duane Gallup [:We are on the web. I have, my website and my phone number are the same.
Lynn Ledbetter [:Okay.
Duane Gallup [:So it's it's 855digidds.com.
Lynn Ledbetter [:Okay.
Duane Gallup [:So think of digital dentists 855digi dds.com.
Lynn Ledbetter [:Perfect. That's makes it easy for everyone.
Duane Gallup [:There you go.
Lynn Ledbetter [:Thanks so much. Thanks so much.
Duane Gallup [:Thanks so much.
Lynn Ledbetter [:To have you.
Duane Gallup [:Appreciate it.
Ash [:Thanks for listening today. Be sure to shoot us an email at info@eandassociates.com.