Thursday, September 5, 2019

Hundreds of Dental Offices "Dead in the Water" Due to Ransomware Attack


Don’t say I didn’t warn you… in fact I’ve been warning you for years that something like this was going to happen.  Now over 400 dental practices are paying the price.  

Before we go any further with this post, I’d like to ask you to stop and think to yourself how long your business would survive if tomorrow all of your data simply disappeared.  Think about that for a moment.  Not only would you lose your clinical data, you’d lose your accounting data as well.  With no way to do billing and no way to generate any new revenue, it wouldn’t be very long before your business would be OUT of business.  In today’s digital environment your data IS your practice.

Now don’t get me wrong, in this case the offices did everything they could.  They hired well-known practice management companies (this affected 2 separate software providers).  Unfortunately, the 2 companies, PerCSoft and Digital Dental Record, both used a third company called DDS Safe to provide a cloud backup solution.  Ironically, The Digital Dental Record advertises DDS Safe on its website as a way to safeguard files from ransomware attacks.

Evidently the hackers somehow accessed the DDS Safe system and used it to deploy the REvil (Sodinokibi) ransomware on computers at hundreds of dentist offices across the US.  When the dental offices opened on Monday morning, they found all of their computers locked down by ransomware.

In today’s digital environment of practice, failure to have access to digital tools and digital records severely limits what procedures an office can perform.  Scheduling, radiographs, diagnostic codes, chart notes, all become inaccessible.  Unless a patient knows absolutely what treatment they are there to receive, there is no way to determine that.

I’ve been preaching for years now the importance of having a redundant backup system that I refer to as the “Backup Chain”, which contains as many links (nodes) as possible.  You simply cannot rely on one single source of backup to support your practice or any business.  One of the best links in the chain is provided by DDS Rescue, which is a hardware “box” that backs up locally as well as to the cloud.  The “box” runs the Linux operating system and is invisible on the network.  Ransomware cannot find it because, as far as the ransomware is concerned, it doesn’t exist.  The box images my system every hour, so if something bad happens, we can simply go back in time to a point before the problem occurred.  Simple!

I happen to know of an office that has been hit by Ransomware… TWICE!  Both times DDS Rescue was there and fixed the problem like it never even happened.  This company is a huge part of my digital backup strategy and has been for the last 8 years or so.  They are highly recommended!

Quite a few good articles on this whole debacle are starting to appear.  Two of the best I’ve read are from ZDNet, and this story even made it to CNN.  If you want an in-depth account of the entire process, make sure to read the article on ZDNet.  The article on CNN is fairly short and provides more of an overview of the situation.

1 comment:

  1. I use a different system. I don't let Windows touch bare-metal *anywhere* due to the multitude of security issues in the platform. Windows gets virtualized on an underlying FreeBSD system. I use a variety of tools in FreeBSD to ensure data encryption, data integrity, and the ability to roll everything back in 15-minute increments. I support off-site backups and the ability to access your off-site data through remote desktop within an hour of a major disaster (fire, flood, theft, etc...) in a dental office. I even refuse to store user profile data in Windows--that gets shipped off to the FreeBSD box as well so we can monitor file access for signs of cryptolocker or other infection or theft. Most pano and 3d-imaging solutions have their data stored outside Windows. I also perform intrusion detection and monitoring. Every single client of mine that has ever been infected has been recovered in under an hour with no more than 15 minutes of data loss. In most cases it's no data loss.

    This hit a few offices in my area, and they eventually reached out to me. I hated to tell them they really only had two options: 1. Start from scratch or 2. pay the ransom. If they had been using my service they would have been back up and running in under an hour.