Data breaches unlikely in August ransomware attack
October 07, 2019
An investigation into the ransomware attack
that affected hundreds of dental practices in August found it likely did not compromise any patient information, according to a report
released Oct. 4 by the Wisconsin Dental Association Insurance and Services Corp.
The Aug. 26 attack impacted DDS Safe, a data backup system offered by The Digital Dental Record, and PerCSoft Consulting LLC, a technology provider in the dental industry. The Digital Dental Record is a service provided by the Wisconsin Dental Association Insurance and Services Corp., a subsidiary of the Wisconsin Dental Association. Only a portion of the impacted practices were customers of DDS Safe, which facilitates secure data backups for dental practice computer systems.
"This incident has been incredibly complex and frustrating for those impacted," the corporation stated in an Oct. 4 letter
to DDS Safe clients. "However, after an extensive investigation, [the corporation] has concluded that the Aug. 26, 2019, incident has a very low probability of data compromise under applicable state or federal law and is therefore not a data breach under applicable law."
Ransomware is a type of malware that denies access to a computer system or data until a ransom is paid. Law enforcement does not recommend paying a ransom, but it is ultimately up to businesses to decide if the risks and costs of paying are worth the possibility of getting their files back, according to the Federal Trade Commission.
Given the number of practices impacted, PerCSoft elected to pay the ransom, according to the letter. As of Oct. 4, most practice systems had been restored.
The attacker was able to deploy the ransomware by using the credentials of a PerCSoft employee, possibly stolen through a phishing attack or compromise of another system in which the password had been used, according to the report.
While the attack qualifies as a "security incident" under applicable federal laws, the corporation has concluded it is not a breach under applicable state or federal laws, the letter stated.
The ADA Center for Professional Success offers several ways member dentists can protect themselves against cyber attacks.
Examples include training staff on basic data security, backing up data regularly and keeping a copy off-site, being wary of attachments and web links included with suspicious emails, and maintaining cyber defenses such as anti-virus and anti-malware software.
To learn more, visit Success.ADA.org
The ADA also offers a continuing education course related to ransomware at ebusiness.ADA.org