A Reno-based dental practice in has been hit by a ransomware attack that denied access to dental records and images for five days.
The malicious software was installed, during a ransomware attack on October 30, on one computer and one server at the Wager Evans Dental .
Ransomware can be installed on a device in a variety of ways, although most commonly attacks are conducted using email. That seems to be the case with this attack, with the practice thinking that the ransomware was downloaded when an employee clicked on a malicious hyperlink or email attachment.
IT staff and other specialists restored the encrypted files and deleted the ransomware, although the process took approximately five days. Access to patient records and images was possible until November 4.
The files that were encrypted by the ransomware included sensitive information like as names, dates of birth, address details, diagnoses, treatment plans, pictures, health insurance details, and Social Security numbers.
A thorough investigation of the attack was completed and while it is possible that data could have been seen by the attackers, the only intention of the attack appears to be an effort to extort money from the practice.
The review into the breach is continuing, although so far there are no indications that the attackers saw or stole PHI. Since it cannot be determined with absolute certainty that data access/theft did not happen, all patients have been alerted of the attack, and out of an abundance of caution, those people have been offered credit monitoring services for one year without an expense.
The attack has resulted in the practice to enhance its security to prevent similar hacking incidents from occurring in the future. In the breach notification notification letter, Brian E. Evans, DDS, stated “We have retained security experts and made significant upgrades to our network and computer security.