This is an article written for Sally McKenzie’s newsletter The Dentist’s Network which can be found Here
By Patrick Jacobwith, CEO Sunset Technologies, DIA Board Member
If you are connected to the internet, this is a must read.
Imagine, it is Friday morning. You stop at the local coffee spot; your mind is on the day and weekend ahead. You are thinking about your patients, events for the kids, and chores at home. Your life is smooth right now, your business is thriving, and you love where you live.
What is any dentists’ worst nightmare? Losing their data? Losing their business? This story includes both possibilities.
Your phone rings and it is your office manager telling you the computer is not working. Probably no big deal, you head to the clinic. What happens next tears at your chest. Good people, taking care of others, are put into a terrible situation by a faceless cyber-criminal.
DIA Member Case Study
Upon arrival the doctor and staff see a ransom note on the computer asking for seven bitcoins (approximately $60,000) to get access to the data…the clinic has been hit with ransomware. This begins an distressing emotional rollercoaster.
IT Support receives the first call at 8:09am. The clinic’s system was infected with a “Zero Day” type of ransomware, which means this attack was new to the entire world. We verified the Zero Day designation with the FBI. IT Support deploys its emergency response team comprised of on-site and remote staff.
Concerned but hopeful – There are patients walking into the clinic and you have no ability to check them in or see any of the details of their appointment. The team quickly pivots to paper and stress is building. IT Support validates the cyber-attack and begins the restore process.
Concern rises – IT Support arrives and brings loaner equipment and begins to look for the backup files. The doctor has been thinking about the backup. He grows concerned because there have been no updates for some time from the outside company he uses for his backup (not an IT Support solution). He remembers receiving daily emails regarding the backups.
Shock then stressed out! – IT Support confirms, the outside company was not backing up the practice management system, only other parts of the business. The most recent backup files for the practice management software are seven months old. IT Support begins two processes on parallel paths:
- Find any back doors or other methods to restore data
- Track down the perpetrator and try to negotiate
The doctor leaves the clinic in disbelief. Desperate thoughts enter his brain. He is unable to eat yet had to attend a friend’s birthday party and pretend nothing has happened. He has called his partner and they are thinking:
Raise money and just pay the ransom. They know this could lead to more demands and more money and still not get the data back.
They live in a small town, this has put the business in jeopardy. If word leaks out they are concerned they may still lose patients or the entire business.
Was this a HIPAA breach? If so, what do we do with that?
Try to rebuild the data manually.
What happens on Monday morning?
No sleep. Stress remains constant.
IT Support Path 1 – IT Support has had no luck finding a back door. One of the doctor-owners is at a game for their child, but mentally completely absorbed with what might happen. Waiting is horrible.
IT Support Path 2 – IT Support’s cyber team has begun to track down the cyber-actor. There are methods that have been deployed and developed as a member of Infragard (a private sector organization tied to the FBI) to track down cyber-actors.
With cyber actions, in general, there are two possibilities i) a larger organized crime entity or ii) an individual. In this situation the team caught their first break, the cyber-actor was an individual, larger organized crime entities do not typically negotiate. In these situations, the clock has started, which is usually 36 hours. Also, payment is only through bitcoin. As a result, time is critical. After fast research, an initial email is sent. The game of cat and mouse is on.
Helpless, Insecure, Depressed and more…
The doctors call an all-staff meeting on a Sunday. The situation is dire. The entire team digs through the garbage, they look through all paper files to try to lessen the blow and solve Monday. The team does find one ray of sunshine: the clinic uses an online appointment reminder company and have one-week’s information! They can at least deal with Monday, yet the larger questions remain. The team goes home after several hours at the clinic. The doctors are still full of doubt and continue to wait.
IT Support Path 1 – New computers have been put in, the team is working on restoration plans, either if they receive a key, or if they need to rebuild. The team is in constant and close communication with the doctors, which at least provides some sense of relief.
IT Support Path 2 – The cyber team has been playing email cat and mouse with the cyber-actor through the night. The negotiations have been fruitful, break-throughs have occurred. Late Sunday afternoon, the decryption key was received, and the process began. IMPORTANT NOTE: the game is not done, because the cyber-actor can still disrupt the decryption. The conversations are continued while the lengthy process of decryption is performed.
Very early Monday morning, the data is restored. The cyber-actor realizes he has been beaten – until another day.
The total negotiated ransom: $304.55
Back to the Zero Day designation: IT Support also reported all of this information to the FBI (IGuardian), which resulted in helping many organizations across the country.
The doctors have avoided a potentially catastrophic event to their business. The rollercoaster of the weekend is behind them. One doctor commented after, “I feel like I lost one year off of my life!”
We roll the clock back on this story. The clinic decided to stick with a separate backup solution from the IT Support recommendation. Unfortunately, as hackers become more sophisticated, situations such as these happen more often. Let a qualified IT Support team, like those in the Dental Integrators Association, help you to minimize your risk. The DIA is an organization dedicated to educating IT professionals. We want to be sure you have cutting edge knowledge on your side, let us help you!
Patrick Jacobwith is the CEO of Sunset Technologies a multi-state organization based in Minnesota. Patrick is also the President of the Dental Integrators Association. He believes in excellent service and building healthy and productive relationships. Patrick’s core values are built on three words: Service, Humility and Love. Patrick can be reached at firstname.lastname@example.org