Yet another large-scale ransomware attack has been executed in the healthcare industry, this time targeting hundreds of dental offices through their software. Do you know how to protect yourself against this type of attack?
Dental Practices Hit By Ransomware
Are you tired of hearing about ransomware?
Well, too bad – major ransomware attacks keep happening for one simple reason: they’re effective.
Case in point – near the end of last month, hundreds of dental practices across the US were infected with malware. Over the course of the weekend, hackers penetrated the target systems, and by the time dental staff came in for work Monday morning, their patient data was inaccessible.
How Did This Attack Occur?
Instead of targeting the dental practices directly, hackers went after a digital “bottleneck” of sorts – the developers of software that so many practices use, DDS Safe. This medical record retention and backup solution is meant to help practices manage their patient data, but the hackers turned it against them.
Who Paid The Ransom?
The developers (The Digital Dental Records and PerCSoft) were the ones forced to pay the ransom, with their many dental clients putting pressure on them to restore their access to data. As is always the case, paying the ransom didn’t immediately solve the problem – the recovery process has been long and tedious.
How Can You Protect Your Practice?
Ransomware is a type of malware that encrypts the target’s data (making it unreadable and inaccessible) and holds it for ransom. It targets all data on the target’s systems, making it impossible for them to ignore until they pay the ransom, or wipe the data.
That’s why any protective measures you employ should help to limit the possibility of ransomware entering your systems, as well as providing redundancies for when it does.
6 Tips To Protect Against Ransomware
Be sure to follow these 6 key tips, which are applicable to organizations, employees and individual computer users:
1. Confirm that anti-malware and antivirus software is configured to apply all updates automatically and to continually scan systems and devices.
2. Access controls should be configured so that shared permissions for directories, files and networks are restricted. The default settings should be “read-only” access to essential files, with limited permissions for write access to critical files and directories.
3. Train your staff to ask themselves these key questions before opening an email:
- Do I know the sender of this email?
- Does it make sense that it was sent to me?
- Can I verify that the attached link or PDF is safe?
- Does the email threaten to close my accounts or cancel my cards if I don’t provide information?
- Is this email really from someone I trust or does it just look like someone I trust? What can I do to verify?
- Does anything seem “off” about this email, its contents or sender?
4. Macro scripts should be disabled in Office files sent over email.
5. Software restriction policies should be created, or other controls implemented, that prevent programs from executing, especially in the common locations where ransomware lurks, such as temporary folders used by the most common web browsers.
6. If you have a data backup solution, then it doesn’t matter if your data has been encrypted. You can just replace it with your backup, simple as that. That’s why you should make a considerable investment in a comprehensive backup and data recovery solution so that you can restore your data at a moment’s notice when necessary.
Be sure to:
- Back up data on a regular basis (at least daily).
- Inspect your backups to verify that they maintain their integrity.
- Secure your backups and keep them independent from the networks and computers they are backing up.
DME Computer Services
8790 F St Suite#630, Omaha, NE 68127