Dresner Group Blog
What We Can Learn from the Dentists Who Suffered Under REvil
Back in August, hundreds of dentist offices across the United States were hit by a targeted ransomware attack. Dentists were left without access to patient information. The hacker group compromised an IT company to gain access - and this is the third time in the last few months that hackers have targeted IT companies to gain access to their clients.
It’s time to take your security seriously, and only work with IT companies that take both your security and THEIR security seriously.
While a ransomware attack is never a good thing, there are a few lessons that can be learned from how this event has played out.
How The REvil Attack Locked Down Dentists
Many ransomware attacks are spread through phishing campaigns - some poor user is convinced to click a fraudulent link in an email, and the ransomware is in. REvil took a different approach, and compromised two software companies that had collaborated on a medical records retention and backup solution. This solution, called DDS Safe, had been pushed to dental practices, ironically promising to help protect their files from ransomware.
By breaching the DDS Safe software’s infrastructure, the attackers were able to deploy REvil over a weekend to the systems of the hundreds of United States dentist offices that had installed the software, leaving these dentists locked out of their systems come Monday morning.
Lesson One: Backup and Data Recovery is Crucial
Let’s get one thing straight: ransomware is only a terrible hassle if a business hasn’t prepared for it. While adhering to best practices may keep some attacks out, this case proves that you can’t protect against all of them… after all, protecting your own business against threats is one thing, but you can’t really force your vendors to be responsible and secure their own systems properly.
To keep an attack like this from derailing your business, it helps to have an insurance policy tucked away. A comprehensive and up-to-date data backup, stored in such a way that it is both protected and redundant, is something that every business today should have. Of course, this backup also needs to be accessible if (or statistically speaking, when) it is needed. If you were to ever find yourself a victim of ransomware, a good backup and data recovery (BDR) strategy could be what gets you out of a jam and off the hook for a ransom payment.
It would seem that the many, many dental offices that were impacted had not prepared for this kind of data disaster, and now many are paying the price.
This includes the developers of the hijacked software, in a very literal sense.
Lesson Two: Paying the Ransom = Bad Idea
The two software companies whose creation had been hacked took it upon themselves to pay the ransom in exchange for the decrypter to the malware, and have shared it with the dental practices that have been impacted. While this is an admirable gesture, it is also a very problematic one.
For instance, paying the ransom to a cybercriminal is just giving them the reinforcement that what they are doing works, incentivizing them to continue locking down their victims’ systems. On top of that, what reason do you have to trust that the criminals who attacked you with ransomware will hold up their end and return your access to your data? This has even proved to be the case with some of the impacted dental practices, many claiming that the decrypter was a dud, or missed some of their data.
This also suggests that there weren’t viable backups kept among these practices - which means that if ransomware didn’t take out their data, it could have been lost in some other kind of disaster - from a fire to a power surge. Every business should have their data backed up with the help of their managed service provider… does yours?
Lesson Three: Not All Providers are Equally Good
Making this situation worse, this isn’t the first time that a managed service provider has been compromised to spread the REvil ransomware… it’s the third (at the time of this writing, at least). In June, several unnamed MSPs were breached and REvil was spread to their customer PCs. Another MSP was breached and leveraged to spread this ransomware to the networks of 22 counties in Texas.
In order to avoid becoming another statistic (at least in this fashion), you need to be very careful about the providers you work with. Selectivity is your ally - don’t be afraid to do some research into their record of success, their certifications, and any accolades they have earned. For instance, we’ve been certified by Cloud Verify, have ranked as part of the MSP 500 and have a wall full of credentials and certifications. Don’t be afraid to treat your provider like one of your prospective employees - they have an equal (if not greater) impact on your business’ success as anyone else you may hire.
Dresner Group can assist you in managing your technology, helping to secure your business against threats and leveraging our relationships with trustworthy providers to help securely serve your business’ needs. To learn more about what we can do, complete a quick form or give us a call at 410-531-6727.