Wager Evans Dental practice, based in Reno, NV, has experienced a ransomware attack that cut off access to dental records and images for five days towards the end of 2017.
The ransomware attack happened on October 30, 2017. The ransomware software was installed on one computer and one server used by the Dental Clinic.
Ransomware can be installed by hackers using many different methods, although most commonly attacks using email. That seems to be what happened in this case, with the practice suspecting ransomware was installed when an employee clicked on a malicious hyperlink or email attachment in error.
IT staff and other experts restored the encrypted files and deleted the ransomware from their servers, although the process to do this took five days. Access to patient records and images was not restored until November 4.
The files encrypted by the ransomware included sensitive information like names, dates of birth, addresses, medical diagnoses, treatment plans, images, health insurance data and Social Security details.
An in depth investigation of the attack was completed and while it is probable that data could have been downloaded by the cyberattackers, the sole aim of the attack appears to be an extortion attempt.
The investigation into the breach has not come to an end yet, although so far there are no indications that the cyberattackers viewed or obtained PHI. Since it is not possible to determine with outright certainty that data access/theft did not happen, all patients have been notified of the cyberattack, and out of an abundance of caution, those people have been offered credit monitoring services for 12 months without cost.
In the aftermath of the attack the Wager Evans Dental practice to enhance its security to prevent incidents of this nature from occurring again. Brian E. Evans, DDS, said, in the breach notification correspondence, “We have retained security experts and made significant upgrades to our network and computer security.