Recent ransomware attacks may cause anxiety about protecting practice information, but there are tools and tips to keep you safe.
As I write this article, the most popular tech-focused news story concerns the thousands of businesses that were hit with ransomware due to vulnerability in a software used by many IT companies. I have received numerous emails and calls from my clients about the Kaseya ransomware breach, which is estimated to have affected at least 40,000 computers. Here is a small FAQ designed to assist dental offices in understanding how this breach may affect them.
What is Kaseya VSA?
Many IT providers have moved to what’s called a managed services provider (MSP) model. One of the main components of these services is remote monitoring and management (RMM). We use this software to provide security patches for software, as required by the Health Insurance Portability and Accountability Act (HIPAA), and also to remotely connect to our clients’ computers to provide ongoing support. If you are a client of mine and have our Netwatch service, then you know what this is. Fortunately, we do not use the Kaseya system, which is one of the largest RMM vendors.
Why did the attackers target IT companies?
Most of you have probably heard of the 400 dental offices hit with ransomware in 2019. This is exactly what happened here: The attackers gained access to the IT company’s portal and can now push out ransomware to hundreds or thousands of computers simultaneously.
Was my IT provider affected?
Possibly. If they use Kaseya, and they use the version that Kaseya hosts in their offices, then yes, they may have been hit. You should speak with your IT company immediately if you suspect the use of Kaseya to manage systems remotely.
Was my IT provider at fault?
No. Regarding the 400 dental offices back in 2019, the answer was yes, as it was shown the provider had not activated proper security protocols such as 2-factor authentication. This is when, after entering your username and password on a website, you are sent a second code, either by text or email, that must be entered to gain access to the portal. You should make absolutely sure that your IT provider is using 2-factor authentication, no matter which software system they use. However, in this specific case, it was due to a vulnerability in the software code, and neither Kaseya nor the IT companies were likely aware of it before the attack.
So how can I protect myself?
Previously, I highly recommended 3 steps to offices to prevent a ransomware attack and have added a fourth. The first 3 are the following:
Invest in a business-class firewall such as Sophos or SonicWall. The firewall built into your modem or router isn’t all that great.
Install ransomware-specific software. I like Intercept X, but HitmanPro is also good. Have an IT company set it up for you.
Patch all your software and keep it up-to-date.
What’s this fourth step, and why do you recommend it?
We recently emailed our clients about the need to use software that does application whitelisting and ring-fencing. Basically, even if some ransomware does make it through your defenses, if you prevent unapproved programs (like a virus) from even running, your data will be safe. This is called ThreatBlock.
Where can I get more information?
Visit my website—thedigitaldentist.com—and fill out the free consultation form. Or simply email me at firstname.lastname@example.org.