How would you feel if someone had broken into your home, stolen the safe or documents folder with all of your most sensitive information, and asked for a steep ransom in payment for its return? This is almost precisely what happened late in August 2019 to hundreds of dental offices that used a particular piece of information software.
One Monday morning, hundreds of dental practices opened to find that they had been completely locked out of patient data systems. All of the practices were clients of DDS Safe, a dental records IT security company. The weekend prior, a group of hackers managed to penetrate the software’s IT infrastructure and infect the system with what is known as ransomware, malicious software that lets attackers seize sensitive data and hold it for ransom from the users or clients of a particular data storage system.
Though most of the files were encrypted to make identity theft from patient records less of a concern, the loss of patient data would still prove to be a significant hindrance to dental practices and likely spell the end of the dental data company in question. Lost data due to a lack of diverse backups is not only a costly burden to organizations but can also drastically damage a data company’s reputation.
The dental records IT company ultimately paid the requested ransom to recover client data. Paying ransoms for the retrieval of data is generally not recommended because it is thought only to encourage future ransomware attacks with no assurances that the data will even be recovered. Though the ransom was paid, the process of decrypting the data for dental practice use has been slow going or simply not possible in some instances.
Do’s & Don’ts of Ransomware
- Employ proper scanning and filtering of organizational emails. All unknown links and attached files should be thoroughly scanned and investigated before use.
- Use a virtual private network (VPN) when traveling. A VPN encrypts your data in transit so that it cannot be intercepted and misused by malicious parties.
- Use a robust, recommended antivirus system and firewall on devices connected to business data systems.
- Have a secondary backup plan if one of your data backup sources is compromised.
- Don’t share personal information in reply to emails from unverified sources or unsolicited phone calls or text messages.
- Do not pay ransoms. This only funds and encourages additional attacks with absolutely no guarantee that your data will be retrieved. Even if retrieved, your data may not be usable.