Based on my experience in network support at TechCentral, a lot of dental practices believe they won’t get infected by ransomware and that their practice data is safe. What they don’t realize is that everyone can be a target of ransomware, especially if you are a small business. That’s why it’s best to always plan ahead and be ready. It’s a matter of changing one’s mindset from “this probably won’t happen" to "what do I do when this does happen?"
In this article, I discuss the evolving threat of ransomware, what you can do if your practice network gets infected, and the 3 preventative “must-haves” prior to an attack.
What is Ransomware?
Ransomware is a form of computer malware that locks up your computer data using encryption and demands that you pay a ransom to receive the decryption key to regain access.
What to Know about Evolving Threats
The good news is that dentists are becoming more aware of the real threat ransomware poses. Awareness can help prevent future attacks. Unfortunately, different versions of ransomware can stick around for a long time; and they continue to evolve. In fact, there’s still a worm from the 90s floating around online.
I once saw a ransomware infection that came in through a Google add-in, but overall, the majority of ransomware threats come in as links in email. Threats that can also appear in the form of false support or scare tactics that trick the user into installing malware and phishing tools. About 2 months ago, an office called in with an attack from a browser hijacker who claimed to be from Microsoft and told them to call a number for support. Fortunately, the office called us instead. The pop-up had told the office that their data had been encrypted, but I found that it was just a browser window that popped up with a message. After scanning the computer and checking all other data to be sure, I was able to eliminate the threat.
I have also seen versions that ask for less money with the mindset that the dental practice will be more inclined to just pay it, instead of going through the hassle of restoring their data. Others will have timers that charge $500 within the first 24 hours and then it increases the longer you take to pay the ransom.
What to Do When You’ve Been Infected
If your network has already been infected with crypto-ransomware, you typically have 3 options:
1.Restore from your backup, if you have one. The TechCentral support team can typically restore from any backup you have; however, keep in mind that these backups may be outdated if they’re not updated regularly. With the TechCentral Hybrid Backup Service your backup is monitored to help avoid an outdated backup. Unfortunately, if you don’t have a backup, there’s nothing to restore which leaves you only with the two remaining options.
2. Wipe your hard drive and start over. With this option, you lose all of your patient data and files, which makes this the least desirable option. TechCentral can send a tech onsite to first inspect the network and then reinstall Dentrix, Windows and server software to at least help you get back up and running.
3. Pay the ransom. This option is discouraged by most organizations and should be the last resort because there’s no guarantee that you will get your data back. Remember, when you give in to ransomware demands, you are paying criminals and there’s no way of knowing if the virus is truly gone, if they will give back all of your data, or if they will demand more money. If you choose this option, TechCentral support is not able to assist in the process.
Three “Must-Haves” Before a Ransomware Attack
1. A reliable redundant backup. I absolutely love the Hybrid Backup Service from TechCentral because it stores multiple backups automatically, both locally and in the cloud. The data is encrypted using Advanced Encryption Standard (AES) 256-bit encryption, and if you ever lose access to your data completely or in part because of ransomware, the Hybrid Backup Service is designed to help recover your practice management software and data quickly.
2. A business-grade firewall with multiple layers of security. The WatchGuard T30 with a security bundle is available through TechCentral and consists of different security layers working cooperatively with one another to dynamically detect, block and report on malicious traffic while passing benign traffic through as efficiently as possible.
3. Staff members educated in ransomware prevention. Your staff members are on the frontlines of defense, and they need to watch for suspicious links in their emails. For instance, if you know for a fact that your office did not order $4,000 worth of items online, don’t click on that link. Sometimes the message is more subtle and simply says "click here to view your invoice details.” I’ve also seen ransomware arrive as a link to an online resume, trying to trick offices that are actively hiring. It is important that your staff stay vigilant in detecting these potential threats. Learn more about how to stop Ransomware in its tracks by clicking here.
In summary, dental practices should always take precautions against ransomware. While anyone can get infected through email, hackers often specifically target small businesses, especially dental practices, with the hope they aren’t prepared. They think these businesses are most likely to pay to get their data back because if they don’t, it can destroy their entire practice.
Take the first step in ransomware prevention by scheduling a free technology assessment performed by a TechCentral technology professional who will evaluate your networks, servers, firewall, and more. Call 844.206.1228 to schedule your assessment today.
About Jamie Lamphere
Jamie Lamphere is a Network & Hardware Tech II at Henry Schein TechCentral, where she provides IT support to dental practices and is a trainer for the Network & Hardware and Digital Imaging support groups. Jamie has over a decade of experience in IT, networking, and medical fields, and she uses her wealth of knowledge to help practices so they can remain focused on their patients.
This article is paid for by Henry Schein TechCentral. Certain components of the products or services described above are provided by third parties. Henry Schein, Inc. and its affiliates are not responsible for, and expressly disclaim, all liability for damages of any kind arising out of the use of those third party products or services.