Ransomware attacks Dentists Offices
An online data backup service called DDS Safe that archives medical records, charts, insurance documents, and other personal information for dentist offices were attacked with an extremely advanced and fairly recent strain known variously as REvil and Sodinokibi.
DDS Safe is offered by Digital Dental Record who uses a cloud management provider called PerCSoft. PerCSoft was hit with the ransomware strain on Monday, Aug. 26th and encrypted the patient information for 400 dental offices.
At this time, roughly 80-100 of the offices have had their information restored after PerCSoft paid an undisclosed amount for the decryption key.
Threats against Healthcare
While government agencies seem to be facing the brunt of ransomware attacks, healthcare is facing roughly 30% of all attacks. According to the HHS, “The presence of ransomware (or any malware) is a security incident under HIPAA that may also result in an impermissible disclosure of PHI in violation of the Privacy Rule, and a breach, depending on the facts and circumstances of the attack.”
How can I protect my practice/business against ransomware?
- Data Backups are a Necessity: It’s important to maintain both cloud and offline backups of PHI or sensitive information. In the event one becomes inaccessible, the other can be restored with minimal downtime.
- Systems Inventory: Have an IT systems audit performed where and systems that are outdated or no longer secure can be isolated.
- Continous Security Education: Perform security awareness training regularly and keep security awareness programs up to date.
- Patch Cycle Program: Use a patch management program where patching is performed at least every 30 days including third-party applications.
- Perform application whitelisting: Application whitelisting ensures systems run authorized applications.
- Endpoint detection and response (EDR): Baseline systems and keep an eye out for any new or rogue processes.
- Secure email gateway: Deploy a secure email gateway solution that removes malicious emails from users’ mailboxes.
Download our infographic and learn how to identify a phishing scam when you see one.
Other Articles You Might Be Interested In:
You want to improve the processes of budgeting, forecasting, and fundraising for your nonprofit; however, you are having a hard time identifying problems and solutions. Data analytics can help. This type of business intelligence is already considered indispensable...read more
Your business is always looking to reduce costs. Looking at the information technology budget line items is headache-inducing. So much money spent in one area, and there’s so little you can do about it! But is that really true? IT expenses may not be as fixed as you...read more