Monday, September 9, 2019

DDS Rescue Makes Public Statement Regarding their Data Security

 


With all of the stories circulating after last weeks Ransomeware attack that took down over 400 offices, industry leader DDS Rescue has released a statement about the event and how their users and clients would no have been affected.

Dear DDS Rescue Customer,

As many of you might have heard, on Monday, August 26, a Ransomware attack was pushed out to hundreds of dental offices associated with PercSoft, The Digital Dental Record, and DDS Safe.

To be clear, DDS Rescue is not associated with any of these companies and has not been attacked by Ransomware.

All of our customers are protected and all data is secure. As your cybersecurity professionals, we do everything we can to maintain your data protection on a daily basis.

Since this attack occurred, we have had a number of offices contact us with questions and we encourage our customers to continue to ask us questions because you are ultimately responsible for your patient data.

Of the many questions that we have received, the most common one is this:

Q: Could this type of attack have happened to DDS Rescue?

A: The simple answer is no.

●     There have been two such attacks on dental offices both through their IT Managed Service Provider in the past two months. In the first case for certain, and most likely in this case as well, the cyber criminals hacked into the companies involved and used their direct connection to remotely send the Ransomware directly into their customers’ servers. DDS Rescue does not maintain any type of open connections with our customers’ servers, which was the mean used in those attacks. You must invite us onto your server each and every time we need access. After we disconnect, the access is dropped and no longer accessible.

●     The DDS Rescue unit runs on a Linux OS and is not part of your Windows domain/workgroup. Our unit does not have any active share folders on your network. As such, attacks on any Windows network would not impact or compromise our device. In addition, a Linux OS is less likely to be targeted in general.

●     Customers’ backed up data is stored in the DDS Rescue unit’s file system, not as an accessible file, adding an additional level of protection. Since each backed up data is encapsulated, an infection cannot spread to previously stored backup files.

As an additional level of security called multi-factor authentication is used on our management databases in order to prevent unauthorized logins.  Any DDS Rescue employee needs to first login and then verify their authority, via a second approved method, in order to ensure no unauthorized access such as from a robot or pushed programs.

Again, please let us know if you have any questions about the integrity of your server or backed up data. And as a reminder, now is the time to take advantage of our full HIPAA Compliance program that is a new value-added service  for your existing account--at no additional charge.

Please contact sales@ddsrescue.com to get more information about the free HIPAA compliance program.

No comments:

Post a Comment