How One Dental Practice Avoided the Worst of a Ransomware Attack

tab32
August 25, 2022 | 3 min read

You have probably seen many news stories about ransomware attacks. Most report the devastating financial impact on high-profile enterprises, leading many small businesses to think they’re safe from prying eyes.

That’s far from the truth.

Dental practices everywhere are under attack every day. Sunset Technologies, a provider of dental-specific security, shares this harrowing story about a weekend of an emotional rollercoaster ride for a small-town practice.

What It’s Like For a Dental Practice To Come Under Ransomware Attack

It was business as usual on a Friday for a small-town practice until a ransom note appeared on the computer screen demanding seven bitcoins (approximately $60,000) to regain access to its data.

The team at Sunset sprung into action as soon as the client called. They quickly arrived at the practice with loaner equipment and began looking for backup data. They also determined that it was a zero-day attack, meaning the ransomware would likely have evaded antimalware software. 

Meanwhile, the inability to access its system paralyzed the dental office’s operation. The staff couldn’t check in patients or access their electronic health records (EHRs.) To add insult to injury, the dentist found that the third-party backup solution provider hasn’t backed up any data for seven months!

The owners were stuck between a rock and a hard place: If they paid the ransom, the criminal might make further demands. If they rebuilt their database and EHRs from scratch, the process would take months—impacting their ability to deliver care and generate revenue.

Additionally, if word about the attack got out around the small town they operate in, they could lose patients and even go out of business. 

An Inside Look: Mitigating a Ransomware Attack

While the owners were still in shock and distress, the Sunset team started two parallel processes to help the practice limit the damages:

  1. Explored back doors and other methods to recover the data.
  2. Tracked down the perpetrator and tried to negotiate.

Sunset implemented advanced methodologies they acquired as a member of InfraGard (a private-sector organization tied to the FBI) to analyze the network and identify the threat actor. They made contact with the criminal and started the negotiation process.

The weekend was tumultuous for the dental practice. The staff worked on Sunday to gather enough patient information to lessen the blow when Monday comes around. Meanwhile, the Sunset cyber team worked hard to maximize the chances that the practice could return to normal as soon as possible:

  1. They installed new computers and worked on multiple restoration plans to address two likely scenarios: They could get the decryption key from the criminal, or they needed to rebuild the database from scratch.
  2. They continued negotiation with the threat actor. Late Sunday afternoon, they obtained the key and started decryption. The team persisted despite the hacker’s attempt to disrupt the process.

A Sigh of Relief: Minimizing the Impact of a Ransomware Attack

Sunset Technologies’ expert approach paid off. The team restored all the data early Monday morning, and the dental office was ready to serve its patients. The total negotiated ransom was $304.55—a far cry from the original $60,000.

Sunset also reported all the information to the FBI, helping many organizations across the country avoid attacks by the same ransomware strain.

This story is far from an isolated incident. Hackers are using increasingly sophisticated techniques, and ransomware attacks against dental practices are happening more often. That’s why more practices are turning to security providers, like Sunset Technologies, to help them safeguard their data, minimize security risks, ensure HIPAA compliance, and protect their reputation.

The Sunset Core™ packages provide the appropriate protection based on your risk level through 24/7 monitoring and access to qualified technicians. They also include ongoing monitoring and server management to minimize downtime, plus a disaster recovery plan to prevent data loss from breaches.

Learn more about Sunset Technologies’ dental IT support services here.

You May Also Like

These Stories on Cyber Security

Subscribe by Email

No Comments Yet

Let us know what you think