Wednesday, February 27, 2019

Physical Server Theft in Waco, TX Dental Practice

Although this doesn’t happen often… it does happen.  In Waco, Texas thieves broke into a dental clinic and actually stole the server.  That’s right, the thieves broke into the office, grabbed the computer, took it away.  Most of us today, heck even those of us who are big on IT Security, don’t consider this as something that happens any more… but it does.  People *still* steal computers and then try to crack into them later.  When you think about it, there is a certain amount security defeat that goes on with that.  You don’t have to crack into the network and *then* break into the server.  You just grab the server and run.  Then at your leisure you try and work through the security on the device itself.
Now the good news about this theft is that the clinic had protected the server with 2 layers of password protection.  This means that the actual chances of breaking through BOTH password layers is pretty remote.  Good on the clinic for thinking ahead and making this theft unlikely to be profitable.  They did NOT have the data encrypted which would have added another much more difficult layer of security.  However, I really think this should have been the job of their IT provider to suggest this and then implement it.  Not every doctor is a computer security expert.  
I bring this whole story up because anytime something like this happens, it opens the window of opportunity for all of us to learn from these disasters and hopefully close the loopholes that exist in our offices so that these situations are not replicated elsewhere.
The other smart thing the office did, was to have a cloud backup system running which ensured that even though the data from the server itself was unreachable, they could still recreate everything from the cloud.
As many of you know, I’m a big fan of DDS Rescue and their backup systems.  They were the ones that first tipped me off to this story.  However, that’s not why I’m mentioning them.  Part of their service is to provide you with a FREE security assessment.  During my assessment they advised me to physically lock my server to my facility… which I had not done… yet.  However, they were right.  If your physical server is in someway “chained to your office” there is no easy way for bad guys to just walk out the door with it.
I consider that security assessment invaluable as I work to make my IT infrastructure as current and secure as possible.  The assessment allows me to focus on what I do best, which is care for my patients, while I know that DDS Rescue has provided the information necessary for our data to meet and exceed the requirements of HIPAA.
Accidents happen.  Severs crash, viruses replicate, ransomware gets installed (somehow), hackers get in through the firewall, there are plenty of ways for bad things to happen to your server and your data.  Using DDS Rescue is a solid way to prepare for the bad things that can happen to good people.

1 comment: