Data breach protection has to be handled with tools such as firewalls and encryption, but what chance does a small dental office have of protecting itself when giant corporations, government agencies, and banks can be been affected? This is where professional help comes in.
“Hello, This is Rick from your computer monitoring center, and we just detected a virus in your system. Follow my instructions as fast as possible so your whole system won’t crash.”
The unsuspecting staff member on the phone is put into a panic by this professionally trained caller.
“Just open a browser and type in this code and then relog into your practice management system,” Rick says.
The staff member replies, “It didn’t work. I can’t log in.”
“No problem,” Rick says. “Just give me a credit card and for $500 we can fix it.”
Or…a popup box appears on the computer screen saying something like “Your files are encrypted; click here to reset,” and the scam begins, with onscreen messages instructing how to pay for the “fix.”
|DDS Rescue’s backup unit.|
What “Rick” is doing in the dialogue above is engaging in “ransomware,” and there are several similar methods of hitting your office with this scam. It has many incarnations, from phone calls and emails to tricky techniques, and it is worse than a virus. Your system will be corrupted, file names will change, and nothing will seem to work. This can also come into your system with fake emails that look official—company logos, etc—which is called phishing. When this “program” is installed on your computer, it often takes over the main screen and has a voice stating that your computer has been infected and to call the number on the screen to get it fixed. This voice message may repeat indefinitely, locking up the system, and sometimes you may just have to literally pull the plug.
In the above ransomware example, why only $500? These scammers work on volume; 10,000 systems will yield a quick $5 million, and that is being conservative. And this is not just a dental office issue; these scammers target homes, businesses, and in the town near me, the police department. They also prey on senior citizens who may not be too computer savvy and just go along with the script being read to them.
There are scammer programs with names like Cryptolocker and Cryptowall, and according to Bloomberg, they can now disable your cell phone. And antivirus/malware/spam programs of some firewalls do not protect you from this since the user is entering the data “voluntarily.”
I spoke with Jim Flynne, chief security officer and vice president of Carbonite (carbonite.com), a wellknown cloud backup company, and he explained that Carbonite’s service notices when a client suddenly begins rapidly backing up hundreds of files. (Carbonite is a realtime file backup service.) This is the malware program changing file content (through encryption). Carbonite’s staff works with users to identify the exact instant of infection so files can be restored from a clean version prior to encryption.
Keep in mind that ransomware is not necessarily interested in stealing your data —ransomware scammers make their living through disruption and their “fix” fees.
We also have to watch for data breaches. According to Steve White of DDS Rescue (ddsrescue.com), we have to be concerned with viruses and ransomware, but there are other hackers working in synergy with these ransom scammers that can cause even more havoc. HIPAA rules and fines can close your office down, and remember this—we store birthdates and Social Security numbers. Think of the recent IRS fake refund scams and the Target retail chain breach to see where that can go. Data breach protection has to be handled with tools such as firewalls and encryption, but what chance does a small dental office have protecting itself when giant corporations, government agencies, and banks can be affected?
This is where professional help comes in.
Backups are partly an answer, but keep in mind that without a proper strategy, you may be backing up data already containing a virus. Also, if your computer is totally disabled, what’s needed is more than just reentering the data—the computer/disk has to be totally wiped clean (reformatted), and all the programs (including operating systems like Windows) have to be reinstalled from scratch, which is not an easy task.
And with regard to your practice management system, it will have to be reinstalled from scratch. One proactive solution is a backup system that takes a snapshot (image) of your hard drive at various intervals and keeps several copies dating back weeks. This way, you can go to a backup dated before the trouble started. A backup service like this is offered by Carbonite, which—in the consumer version—simply backs up any data that you choose automatically and dynamically as soon as a file is added or changed. It also keeps copies of the old files.
For a business, however, Carbonite offers better options that include taking the aforementioned image of your server or workstation(s), allowing damaged hard drives to be correctly reformatted. A new option even includes putting an actual device in the office that keeps copies of the backups. Details are on Carbonite’s website.
A more robust solution for business continuity comes from DDS Rescue, which uses constant data and image backups, firewalls, onsite hardware backup, and cloud versions as well as remote monitoring. The company proved to be a true practice saver when office systems were recently totally destroyed in floods, hurricanes, and even thefts. More information is available on DDS Rescue’s website.
These are just 2 examples of products in the marketplace. Many dental IT companies offer more personalized solutions, including remote monitoring. Savvy practitioners might think about creating this system on their own, but in this day and age, I believe pros should handle this, and you should stick to teeth. The bottom line is this: none of these companies are as expensive as data loss, recreation of a server, possible fines, and loss of business. Meet with your staff, discuss this topic, and make them more diligent.