From HIPAA Journal: A ransomware attack on a medical record backup service has prevented hundreds of dental practices in the United States from accessing their patients’ records. The attack occurred on August 26, 2019 and affected the DDS Safe backup solution developed by Wisconsin-based software company, Digital Dental Record (DDS). Ironically, the DDS website states DDS Safe helps to protect dental practices against ransomware attacks.
The attack did not affect all dental practices using the DDS Safe solution. Some dental practices have reported file loss as a result of the attack and others have said the decryption process did not work. With the attack coming so close to the end of the month, several dental practices have expressed concern that the attack would prevent them from processing payroll payments.
The ransom amount is unknown, but one Reddit user claims PerCSoft – or its insurer – paid $5,000 per client for the decryptor. That would put the total ransom demand at $2.5 million, which is the same as the demand for the coordinated Sodinokibi ransomware attack that affected 22 government entities in Texas earlier this month.
At least one Smart Training client was affected by this breach, and the client reports that DDS is conducting a ‘forensic data analysis’ to determine if patient data was, in fact, accessed by the hackers. Regardless of the determination, however, the incident is a data breach and must be reported by DDS.
The moral of the story: Get your Business Associate Agreements updated! Ensure that you have current BAAs in place with anyone who accesses your patient data.