Most of the regulatory guidance we provide to our customers includes a reference to “always…
A massive ransomware attack against dental offices strikes again, for the second time in five months. In late November, a ransomware attack of a third party technology company infected and locked the software systems of approximately 100 dental offices that use the company for information technology (IT) services such as data backup, network security, and voiceover-internet protocol (IP) phone services. The Colorado company, Complete Technology Solutions, was hacked with the same ransomware strain that infected the third party dental IT provider PerCSoft, which subsequently affected over 400 of its dental customers back in August 2019.
The ransomware attack left the dental offices without access to patient records, scheduling, accounts payable, and more. While the attack originated at the IT vendor company, the true victims are the dental offices, which ended up bearing the brunt of the attack.
Ransomware, in particular, is a type of malware that denies access to a computer system until a ransom is paid. This type of attack typically occurs by targeting an IT company and using its connections to its customers’ work stations and servers to insert the ransomware and encrypt files. Once the ransomware infects the computer system and encrypts the data inside it, it is most often too late. The cybercrook will then demand a ransom, often in the form of cryptocurrency, to release the data. However, even if you pay, there’s no guarantee that the hackers will live up to their end of the deal and release your data.
Small and mid-sized businesses like dental practices are often targets of cyberattacks because they are less likely to have full protections in place and devoted IT personnel to prevent such attacks. By default, a ransomware attack is considered a HIPAA breach, according to the U.S. Department of Health and Human Services, unless the covered entity can demonstrate there was a low probability the protected health information was compromised.
Since 1992, OSHA Review, Inc. has provided dental professionals with comprehensive programs to support regulatory compliance and infection control. We are a registered continuing education provider in the state of California, specializing in Dental Practice Act, infection control, and OSHA training.