Ransomware attacks Dentists Offices
An online data backup service called DDS Safe that archives medical records, charts, insurance documents, and other personal information for dentist offices were attacked with an extremely advanced and fairly recent strain known variously as REvil and Sodinokibi.
DDS Safe is offered by Digital Dental Record who uses a cloud management provider called PerCSoft. PerCSoft was hit with the ransomware strain on Monday, Aug. 26th and encrypted the patient information for 400 dental offices.
At this time, roughly 80-100 of the offices have had their information restored after PerCSoft paid an undisclosed amount for the decryption key.
Threats against Healthcare
While government agencies seem to be facing the brunt of ransomware attacks, healthcare is facing roughly 30% of all attacks. According to the HHS, “The presence of ransomware (or any malware) is a security incident under HIPAA that may also result in an impermissible disclosure of PHI in violation of the Privacy Rule, and a breach, depending on the facts and circumstances of the attack.”
How can I protect my practice/business against ransomware?
- Data Backups are a Necessity: It’s important to maintain both cloud and offline backups of PHI or sensitive information. In the event one becomes inaccessible, the other can be restored with minimal downtime.
- Systems Inventory: Have an IT systems audit performed where and systems that are outdated or no longer secure can be isolated.
- Continous Security Education: Perform security awareness training regularly and keep security awareness programs up to date.
- Patch Cycle Program: Use a patch management program where patching is performed at least every 30 days including third-party applications.
- Perform application whitelisting: Application whitelisting ensures systems run authorized applications.
- Endpoint detection and response (EDR): Baseline systems and keep an eye out for any new or rogue processes.
- Secure email gateway: Deploy a secure email gateway solution that removes malicious emails from users’ mailboxes.
Download our infographic and learn how to identify a phishing scam when you see one.
Other Articles You Might Be Interested In:
Disaster recovery plans are vital, not just important. Data becomes lost, deleted, purged, corrupted, all the time. Without that measure in place, data is truly lost. There does seem to be confusion on what constitutes a Disaster Recovery plan, however. While many...read more
Data backup is a critical part of an organization’s overall disaster recovery plan. The concept of data backup is simple: you make copies of your data and store them in a different location in case data is lost or destroyed.read more
Founded in 1999, ITonDemand helps businesses and associations across the US achieve growth by guiding and supporting IT infrastructure and providing cybersecurity management. ITonDemand’s Core Solution and Security+ have been recognized among both Managed Services and Cybersecurity Providers as a member of the MSP Pioneer 250 and the Top 200 MSSPs.