Dental Website Security: HTTPS & More

“How do I keep my dental website secure?” you may ask. Well, that’s what we’re here to talk about. From passwords, to SSL certificates and more, we got you covered, so read on!

Use strong passwords

In the hacking world, weak passwords are the easiest way to break into a network. In most hacking cases it turns out that weak passwords give hackers access to huge volumes of unprotected data. It’s not a stretch to guess that most corporations and businesses use easy to guess passwords.

Exacerbating the problem is what’s called “plaintext” password security. That’s when there’s a document full of passwords against which logon attempts are checked. This system works great – until someone gets access and can see all of the passwords.

In modern computer security, a plaintext password system is the vehicle equivalent of locking the doors, but leaving the windows open, the keys in the ignition, and the tank full of gas.

There are plenty of online tools to generate strong, random passwords – but a general rule for creating a strong password is that it shouldn’t contain any words, names, phone numbers, addresses or other personal information or common sequences.

Make sure you trust your employees

Most crimes are perpetrated by insiders. That’s the case whether it’s theft, graft, or fraud. It’s almost always an insider, and some technical clues point towards insiders in this case.

Why is this especially important for medical practicesYou have access to extremely confidential information.

Keep your patient information secure by only using secure passwords – and keep track of who and when each member of your practice has access to this information by giving each employee a different login – and insisting on a secure password for them too.

Watch out for scams

Scammers try to lure you in by including enough technical information to look official. Unless you take the time to read the fine print, you’ll miss the “this is not a bill” language tucked inside their deceptive notice. There are too many of these scams to list, but the following are the most prominent:

1. The domain name expiration notice

It has your domain name on it, a bar code, credit card logos, etc. All this is designed to make it look official.

At a glance, the letter gives the impression that you need to take action, and sooner than later. However, when you read the fine print, it has the “this is not a bill” language in it. It’s really an offer for services designed to look like a bill, but it’s a scam.

Note: If your domain name is currently managed by ProSites, we automatically take care of your domain renewals for you, so you can ignore any such notice from third parties.

2. The notice for DNS services

Again, the notice has your domain name on it, a bar code, and a bunch of technical information to lure you into thinking it’s official.

In fact, many will even add your correct name servers (this information is publicly obtainable by anyone) to really sell the lie.

You have to read through the notice to find the “this is not a bill” language. It’s a scam.

Note: We’ve seen scammers use client ProSites names servers within these type of notices (,, etc.) If you’re a client, these invoices are NOT from ProSites and you DO NOT need to pay for this service.

3. The foreign domain name registry

Typically these have come from China. They send you an email stating that someone has applied for an Internet Trademark or keyword using your domain name.

The kindly-worded email shows your domain name (with the “.cn” or similar China/Asia extension) and states that they want to give you the opportunity to secure the domain name before they are forced to allow the other party to register your name. This too is a scam.

What’s really going on here is the domain registrar in China is trying to drum up foreign domain registrations by scaring you into thinking someone is about to infringe on your name.

Protect your information with Private Registration

In an effort to protect the domain owner’s information, many of the world’s leading domain name registrars offer “Private Registration” services.

Private domain registration privatizes your personal information within the WhoIs database by switching your “public” domain registration to a “private” unlisted registration.

Private registration shields your personal information from the public WhoIs database. The registrar acts as a proxy agent and maintains your real email address on file so you receive important information regarding your domain name but reduces spam emails by using a dynamic email address that changes frequently.

This inexpensive service is just $9.95/year (per domain) and provides the following benefits and protections:

  • Shields your private contact information
  • Reduces unwanted spam and email harvesting
  • Forwards important communications
  • Curtails data mining attempts
  • Reduces risk of domain hijacking
  • Reduces the risk of identity theft.

ProSites members are encouraged to add Private Registration to their domain names by contacting our Domain Administration team at (888) 932-3644.

Increase Your Dental Website Security with HTTPS

As an online marketing provider for dentists, helping dental practices and their patients stay safe and secure online is one of our top priorities.

One way to increase online security is with an SSL certificate. If your dental site uses a Secure Sockets Layer cert, it will change your URL from HTTP:// to HTTPS://, which stands for hypertext transfer protocol secure, the secure version of HTTP. These are two browser protocols over which data is exchanged between your browser and the website server to which it’s connected.

When a website utilizes HTTPS, all communications between browser and website are encrypted, making it much harder for third parties to intercept, alter, or delete information.

Why else is HTTPS important for my dental website?

Using HTTPS is important for a few other reasons.

First, Google now calls out non-HTTPS sites in a few visible (and scary) ways. Google Chrome used to only mark HTTP pages as “not secure” if the pages had forms that asked for highly sensitive information like a password or credit card, but those days are over..

Amongst many other warnings set up to protect internet surfers, Chrome users now see an unlocked padlock to the left of the URL in their address bar when visiting any non-HTTPS site.

If the SSL certificate is not configured properly, a user may also see a whole screen that cautions the user to beware, the site may not be who they say they are. Even if the information requested is benign, this glaring warning is enough to cause most visitors to close your page and move on to a secure site.

And while you are still able to access sites from that screen, it’s not readily apparent, and you’re likely to lose otherwise good traffic if that shows for your site.

You can visit Why No Padlock to see what’s keeping your site from being fully secure.

To ensure you don’t miss out on getting new patient inquiries or requests to your office, an SSL certificate (which makes your site HTTPS) is a recommended addition to your online security.

Google recommends that all sites now use HTTPS and has even said that in some cases it could cause your site to rank higher than those that still use the unsecure HTTP.

To learn more about keeping patient data safe and secure online in a HIPAA compliant manner, call ProSites at (888) 932-3644 to talk with an Internet Marketing Advisor.

Leave a Reply
Related Posts