Palo Alto Online is reporting that a Palo Alto, California, dentist’s database was hacked and the hacker is holding the contents for $3,000 ransom, according to the Palo Alto police department.
The unnamed dental office was hacked sometime between April 10th and 13th of this year, but the dental practice didn’t report the hacking incident to police until June 5th.
The hack was discovered by a system scan that picked up on the malware and the ransom message, which included an email address to arrange for payment of the $3,000.
Sgt. James Reifschneider of the Palo Alto police department told Palo Alto Online, “The files that were compromised were X-rays and associated notes. No personal identification information was taken as far as we know. This type of cyber attack is not unusual in the IT world. The hacker typically freezes or corrupts data and generates an automatic message. If the victim wants to regain access they must remit a ransom.”
The dentist has no intention of dealing with the hacker and contacted an IT service provider to try to reconstruct the missing database.
Hackers like to target small businesses because they know that the small business owner typically does not have the resources for more sophisticated (and more expensive) security defenses and is often lax about Internet use policies for employees.
Many small business owners allow their office staff to use office computers to check personal email and visit non-work-related websites on the Internet without a restrictive firewall in place.
The Wall Street Journal reported that in 2010, the U.S. Secret Service and the forensic analysis unit of Verizon Communications Inc., which investigates cyber attacks, responded to a combined 761 data breaches, up from 141 in 2009. Of those, 482, or 63%, were at companies with 100 employees or fewer. Visa Inc. estimates about 95% of the credit-card data breaches it discovers are on its smallest business customers.
How can a dentist secure patient data in a digital world?
1. Set up and enforce a strict computer and Internet use policy that restricts employees from reading and downloading personal email while using an office computer.
2. Hire an experienced IT company to set up a strict firewall on your office network. If your dental practice uses wireless, have the IT company hide your wireless network from public view.
3. Train your staff on how viruses infect computers through common user habits such as forwarding personal email messages and downloading computer wallpapers.
4. Keep all anti-virus and anti-malware software updated along with computer operating systems.
5. Always create strong passwords of more than 8 characters that use mixed-case letters and include numbers and symbols. A great site for password creation is Symantec’s PC Tools Password Generator (www.pctools.com/guides/password). Passwords should not be written down under keyboards, on the front of the PC or anywhere the public can find them.
6. Keep business and home computing separate. Don’t use a laptop at home for fun and then bring it into the office for use on the dental office network. Business computers should strictly be used for business.
Fixing a cyber breach can be costly for a dental practice. The Wall Street Journal story on hackers featured small business owner Joe Angelastri, who was targeted by cyber thieves who planted a software program on cash registers at his two Chicago-area magazine shops that sent customer credit-card numbers to Russia. MasterCard Inc. demanded an investigation, at Mr. Angelastri’s expense, and the whole ordeal left him out about $22,000.
With little chance of catching and prosecuting hackers, dentists would be smart to invest a little money in data security and properly training employees on what is acceptable office use of computers and email.
Have you ever had your dental office database hacked? How did you handle it?
For more on this story see: Hacker Holds Dental Office Database for Ransom