400 dental offices hit with ransomware, could you be next?

In August, the dental community and the national news media was all abuzz about the latest ransomware attacks - but unlike major retailers or other similar companies, this time the victims were dental offices. An IT provider to around 400 dental offices, mostly in Wisconsin, was compromised, and the criminals were then able to push out the ransomware virus to those practices, crippling them for days and in some cases, longer. 

With ransomware being so destructive and debilitating, there are certain questions that I feel you should be asking yourself and/or your IT provider:

• Do I have ransomware protection in place? While the manufacturers of antivirus software such as AVG and Windows Defender will tell you their software protects against ransomware viruses, in my experience, this often isn’t the case. Ransomware viruses are particularly nasty and often are released in the public before many antivirus software programs have time to react and update their software. My best recommendation is to install ransomware-specific software. I’ve always had good luck with Sophos Intercept-X (sophos.com/en-us/products/intercept-x.aspx) or Cryptoprevent (d7xtech.com/cryptoprevent-anti-malware/); both are excellent and for around $25 to $30 per computer per year, you can have top-notch protection in place.

• Do you have a business-class firewall in place? When I say business-class, I do not mean consumer level routers. Many offices use consumer routers from companies such as Linksys, D-Link, Netgear, etc. While these cover the basics and meet HIPAA requirements, there are better firewalls out there that are more designed for protecting critical patient data.
  I’ve usually recommended the Sophos XG series, others such as Sonicwall are also very good. These aren’t cheap­-expect to pay $500 to $800 for a good firewall-but then again, a ransomware virus isn’t cheap either.

• Do you have a verified and tested backup in place? HIPAA rules are quite clear on this. It’s not enough to just have a backup in place, but it must be tested and verified on a regular basis (we do this weekly for our clients). Up until this recent infection that hit those 400 offices, I told my clients I had never seen an encrypted backup be hit by a virus - but that all changed in August.
  

• The ransomware virus in that attack, Sodinokibi, hit one of our clients and actually infected their local encrypted backup. This is why we always strongly recommend you have an off site backup; we used our cloud backup to restore the client’s data. Many better backup programs won’t backup the data once they see it is corrupted. This is a good thing, as it means the cloud backups will remain unaffected.

• Are you or the IT company taking steps to keep accounts private? Most IT companies (and a lot of you, also) use remote access to not only access clients’ systems, but to be able to push out files and patches as needed. The best way to keep this, and many other systems secure, is using what’s called two-factor authentication, or 2FA.
  In essence, when you log into a software portal, you are either sent a text message or email with a separate code that you must then enter to gain access. Many banks and similar websites offer this, which hopefully most of you are using. This is something you should be using for any remote access software, and if your IT company uses it, make sure they have 2FA in place and activated.

Ransomware can be devastating for any practice, and while you can’t prevent all malware from affecting you, as the old saying goes, an ounce of prevention is worth a pound of cure.

If you want a free evaluation of your practice’s technology systems, please reach out to me at drlavine@thedigitaldentist.com, our website at thedigitaldentist.com, or our toll-free number at 866-204-3398 X 200.