Ransomware: You’ve heard the term, but do you know how it threatens the data security of your dental practice? For more insight on this timely topic, Dental Product Shopper caught up with Jamie Lamphere, a network and hardware technician at Henry Schein TechCentral. Here, Jamie shares her experiences on the frontlines of data security for dental practices.
DPS: On Friday, May 12, a widespread ransomware attack wreaked havoc on organizations around the world, including UK’s National Health Service (NHS). This resulted in cancelled operations and unavailable patient records. How can health organizations, specifically dental practices, protect themselves against increasingly sophisticated attacks?
JL: The ransomware attack on Friday, May 12, being called the “WannaCry” virus, has been reported as one of the largest recorded extortion attacks to date. This attack was widespread and has reportedly affected at least 100,000 organizations in over 150 countries around the globe. Although our customer base, from what I’ve seen, has primarily been unaffected, there have been numerous calls from dental offices concerning this attack and wondering how they can better protect their network to avoid future attacks.
The first thing I would recommend is always making sure they have a redundant data backup strategy. If they do get ransomware, their backup is what will help restore their data.
Other tips include:
-> Do not open suspicious emails
-> Be suspicious of any email attachments
-> Restrict web surfing on the office network
-> Do not allow staff members to connect their personal devices to the “secure office” network
-> Run updates on all systems on a regular basis
-> Make sure you have up-to-date antivirus software on every computer
DPS: Based on your experience working with dental offices, what’s the biggest “hidden” vulnerability to a ransomware attack, and what should dentists/staff do to mitigate their risk?
JL: One of the biggest vulnerabilities would actually be the office staff. According to our security partner, WatchGuard Technologies, nearly 80% of all malware attacks come from “phishing links” within an email or on a website. Although the “WannaCry” virus was a result of not updating an operating system, the people who write these kinds of viruses are usually dependent on the victim clicking on a link.
One thing an office can do to make up for that vulnerability is to have a dependable backup. You can never be 100% virus-proof. You can, however, be disaster-ready and minimize the recovery time.
DPS: Recent studies revealed that more than 50% of SMBs have fallen victim to ransomware. Is the number of dental practices affected by ransomware similar to SMBs as a whole?
JL: Although I do not have exact numbers, I can say that the number of ransomware cases have increased dramatically since I started working for Henry Schein in 2014.
DPS: Half of victimized SMBs seems like a large number and many of these businesses already have virus protection software. Why is antivirus protection software not enough? What other tools should dental offices consider?
JL: Although it is essential to have a powerful antivirus software, many viruses are being written to bypass these solutions and new variants are continuously being released. Antivirus companies are simply unable to keep up in some cases. The best tool is knowledge and vigilance. Since the large number of these infections come in through office emails, it is important that your staff be aware and alert for the common signs of ransomware or other viruses.
Some things to look for in a suspicious message are:
-> File attachments or links to strange websites, for example UPStrackinfo.ru
-> Messages appear to be from a legitimate company but with a strange address like AmazonOrders@yahoo.com
-> Shipment notices for orders you didn’t place
-> Emails containing strange wording or grammar?
So, if you’ve received a suspicious message, I would recommend:
-> Not opening any links or file attachments
-> Contacting the sender using a published phone number or email address.
-> Delete any message that you are unable to confirm the legitimacy of
DPS: Can you share a story/example of a practice that used the TechCentral Hybrid Backup Service to back up their data and was the victim of a ransomware attack? How did the attack happen and what was the outcome?
JL: Recently, there was one office that contacted Tech Central because they had been infected with ransomware. It was a classic case of clicking a link in a phishing email. Luckily they had the TechCentral Hybrid Backup solution which had stored individual backups locally and in the cloud. This saved all of the office’s data and quite possibly the practice. We were able to go back to a restoration point from the day before the infection and restore their data. I honestly feel that the hybrid backup service is one of the best ways to prepare for a disaster such as ransomware.
Thanks to Jamie for sharing these valuable tips with us. To learn more on how to help protect your practice from the devastating effects of ransomware join TechCentral on June 14th for a free webinar. Visit www.HSTechCentral.com/webinar to register. You can also learn more about TechCentral Hybrid Backup Services at www.HSTechCentral.com/ransomware.
About Jamie Lamphere
Jamie Lamphere is a Network & Hardware Tech II at Henry Schein TechCentral, where she provides IT support to dental practices and is a trainer for the Network & Hardware and Digital Imaging support groups. Jamie has over a decade of experience in IT, networking, and medical fields, and she uses her wealth of knowledge to help practices so they can remain focused on their patients.
This is a paid article for Henry Schein TechCentral. Some of the product(s) and/or service(s) described herein are provided by a third party. Henry Schein, Inc. or its affiliates (“HSI”) make no independent assessment of the content and descriptions provided by such third party and this advertisement does not constitute an endorsement by HSI. HSI is not responsible for, and expressly disclaims all liability for, damages of any kind arising out of such third-party products or services.