Ransomware Attacks Dentists Offices
An online data backup service called DDS Safe that archives medical records, charts, insurance documents, and other personal information for dentist offices were attacked with an extremely advanced and fairly recent strain known variously as REvil and Sodinokibi.
DDS Safe is offered by Digital Dental Record who uses a cloud management provider called PerCSoft. PerCSoft was hit with the ransomware strain on Monday, Aug. 26th and encrypted the patient information for 400 dental offices.
At this time, roughly 80-100 of the offices have had their information restored after PerCSoft paid an undisclosed amount for the decryption key.
Threats Against Healthcare
While government agencies seem to be facing the brunt of ransomware attacks, healthcare is facing roughly 30% of all attacks. According to the HHS, “The presence of ransomware (or any malware) is a security incident under HIPAA that may also result in an impermissible disclosure of PHI in violation of the Privacy Rule, and a breach, depending on the facts and circumstances of the attack.”
Layering both Security+ and Compliance+ by ITonDemand helps to mitigate the risk of a ransomware attack.
How Can I Protect My Business Against Ransomware?
- Data backups are a necessity: It’s important to maintain both cloud and offline backups of PHI or sensitive information. In the event one becomes inaccessible, the other can be restored with minimal downtime.
- Systems inventory: Have an IT systems audit performed where and systems that are outdated or no longer secure can be isolated.
- Continuous security education: Perform security awareness training regularly and keep security awareness programs up to date.
- Patch cycle program: Use a patch management program where patching is performed at least every 30 days including third-party applications.
- Perform application whitelisting: Application whitelisting ensures systems run authorized applications.
- Endpoint detection and response (EDR): Baseline systems and keep an eye out for any new or rogue processes.
- Secure email gateway: Deploy a secure email gateway solution that removes malicious emails from users’ mailboxes.