The Big Brush Blog | Treloar & Heisel Insurance Products for Dental Professionals

What You Can Do in Case of a Ransomware Attack on Your Dental Office

Written by Amy Carbone | Sep 16, 2020 1:00:00 PM

Juggling the demands of a busy dental practice is hard enough with day-to-day duties. The constant threat of cyberattack is another layer that makes business management difficult, especially for dentists. 

This threat is perhaps most notable with ransomware, a type of malicious software (malware) that encrypts your internal system’s data so that you can't access it. 

The criminal responsible can hold an entire network “hostage” and demand that you pay a ransom to decrypt the files and save them from deletion. 

Like most malware, ransomware enters your system through a security hole, like a software program that hasn't been properly updated. Because you or a team member can also introduce ransomware to your system unknowingly, awareness is the first line of defense against ransomware. 

You can make it part of your practice’s policy that employees cannot open email from unknown outside sources. You can hire IT experts to install secure firewalls and email filtration systems for your whole team. You can take any number of additional precautionary measures to try to ensure your digital files are safe and HIPAA-compliant. 

But what happens if those safeguards fail? 

Here are some ways you may deal with ransomware if you encounter it.

The Worst Outcome: Losing Your Vital Files

Losing vital files — like patient and personnel records — is generally the worst-case scenario. 

You may be able to mitigate that loss if you backed up these files to a secure, offline location, but the ransomware criminal could still have copied these files after encryption. 

Unfortunately, it’s all too possible for dental offices to have to shut down because of a ransomware attack that erased all of their patient files, among other vital information.

Even worse, the information encrypted by a hacker may also constitute a HIPAA violation or other legal issues if it appears that the hacker opened and read patient files. You may need to review these issues with a legal professional.

The Time-Sensitive Outcome: Paying the Ransom

Simply paying to get your files back may seem like a good solution if you want to get rid of the problem as quickly as possible. 

Unfortunately, according to Norton, there is no guarantee that the hacker will remove the encryption and release your files if you pay them. The Compliancy Group notes that only one-third of people who pay the ransom end up getting their files back. 

Some professionals claim that paying the ransom could encourage the hacker to ask for more money and re-target you in future attacks as well.

It’s also important to note that “paying” the ransom isn’t always as simple as it sounds. Criminals may require payment in different currencies, including Bitcoin, which can be challenging to acquire and use. 

A Positive Outcome: Hiring a Programmer to Crack the Ransomware

Because ransomware has become so common, it’s also common for cybersecurity professionals and freelancers to “solve” ransomware for a price lower than the cybercriminal demands. 

Ransomware may seem complex on the surface, but many of the encryption programs are simple, beginner-level programs that require a little bit of know-how to beat. The cybercriminal is often counting on you to react out of stress and frustration and simply pay them, rather than seeking a more affordable solution. 

Hiring a professional to remove the ransomware from your system, or even learning to remove it by following an online guide, may be the smartest and most cost-effective fix because you don’t allow the cybercriminal to win or profit. 

It can also help if you prepare for and preempt future cyberattacks of this nature.

Preparation: Data Breach Insurance

Data breach insurance is an important option for every dentist to protect themselves from the potential fines, expenses, and complications that can result from a ransomware attack. 

Data breach insurance is typically added to your business owner's protection policy. It serves to mitigate the costs associated with data theft or loss, and may include legal fees, public relations, credit monitoring, and notification services. 

A data breach protection policy may even include preparedness and response services in the event of a ransomware attack so that you know both how to prevent an attack and what precise actions to take immediately following one.

If you've been subjected to a ransomware attack, you know how important it is to protect yourself from both cybersecurity and insurance standpoints.

You'll want to consider taking concrete steps to make sure your systems are protected and pursue data breach protection for the future. 

Learn more about data breach protection and how it can help your dental practice

Treloar & Heisel and Treloar & Heisel Property and Casualty are divisions of Treloar & Heisel, LLC.

Insurance products are offered through Treloar & Heisel, LLC.

Treloar & Heisel, LLC. and its divisions do not offer legal or information technology (IT) advice. Please consult a professional concerning these topics. This content is intended for general informational purposes only and is not to be construed as advice.

20-075