Hundreds of Dental Practices Throughout the U.S. Have Been Affected

This latest in a string of massive ransomware incidents is following the current trend: hackers compromising a software or service provider and using its products to infect their client’s systems. The software providers involved in this huge breach are The Digital Dental Record and PerCSoft, two Wisconsin-based companies behind DDS Safe, a medical records retention and backup solution used by many dental practice offices in the US.

Yet another example of a successful supply chain attack, this time crippling computer systems in over 400 dental practice offices around the United States. (The back-end systems of affected medical records retention and backup solutions have likely been hit by Sodinokibi ransomware, although some details have not yet been made public.) The ransomware attack has left some dental offices dead in the water, with one McFarland dentist quoted by CNN as saying: “We have no access to the patient charts, schedule, x-rays, or payment ledger. The doctor cannot do proper treatment without a chart history and x-rays.”

According to statements released by the creators of DDS Safe, the ransomware virus hit a remote data management software on Monday, August 26. DDS Safe uses this software to back up its client data and encrypted files — that’s the records of hundreds of dental practice customers who rely on the popular solution.

Ransomware attacks involve the malicious encryption of all files on the targeted computers. Hackers then demand a ransom (usually in untraceable cryptocurrency) in exchange for decryption of the locked files. A source impacted by the ransomware told ZDNet that The Digital Dental Record and PerCSoft opted to pay the ransom demand. The companies have since been sharing the decryption tool provided by the hackers with impacted dental offices. The recovery process has been slow, and some dental offices have reported that the decryption tool did not work, or that it failed to unlock all of their data.

It’s now painfully obvious that hackers are doubling-down on supply chain attacks because they are — unfortunately — an easy way to reach multitudes of valuable targets. How secure are your software providers? How well protected is your IT company? Don’t let cybercriminals find their way to you through your service providers!