A dental consultancy in Reno, NV has undergone a ransomware attack that stopped dental images and records from being retrieved for 5 days.
Wager Evans Dental underwent the ransomware attack on October 30, 2017. The malevolent software was fitted on one computer as well as one server utilized by the consultancy.
Ransomware can be fitted in many ways, even though most usually attack happen through electronic mail. That seems to be the situation with this attack, with the consultancy doubting ransomware was copied when a worker ticked on a malevolent hyperlink or electronic mail attachment.
IT workforce and other specialists restored the encoded records and removed the ransomware within 5 days. Access to patient files and pictures was not reclaimed until November 4.
The records encoded by the ransomware had confidential information like names, addresses, dates of birth, treatment plans, diagnoses, health insurance information, images, and Social Security numbers.
A complete inquiry of the attack was carried out and although it’s probable that data might have been seen by the assailants, the only purpose of the attack seems to be an attempt to extract money from the consultancy.
The inquiry into the breach is continuing, even though thus far there are no signs that the assailants saw or thieved PHI. Since it’s impossible to decide with complete certainty that data access/theft didn’t happen, all patients have been alerted of the attack, and out of an abundance of care, those people have been provided free credit checking services for one year. The breach report presented to the Division of Health and Human Services’ OCR shows up to 3,898 patients have possibly been affected by the event.
The attack has encouraged the consultancy to increase its security to avoid similar events from happening in the future. In the breach notification letter, Brian E. Evans, DDS, said “We have booked safety specialists and made substantial upgrades to our computer and network safety.