A little background to start: DDS Safe is software owned by Digital Dental Record. Digital Dental Record partnered with PercSoft to provide IT support to its clients and to host the DDS Safe data in PercSoft’s cloud. The initial compromise was of PercSoft’s cloud system, and the ransomware was then pushed out to clients.
Do I need to report this as a HIPAA violation?
Here is a quote directly out of the fact sheet from the link above:
The presence of ransomware (or any malware) on a covered entity’s or business associate’s computer systems is a security incident under the HIPAA Security Rule. A security incident is defined as the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system. See the definition of security incident at 45 C.F.R. 164.304. Once the ransomware is detected, the covered entity or business associate must initiate its security incident and response and reporting procedures. See 45 C.F.R. 164.308(a)(6).
HIPAA covered entities and business associates are required to develop and implement security incident procedures and response and reporting processes that they believe are reasonable and appropriate to respond to malware and other security incidents, including ransomware attacks.
How did this happen?
In my opinion, there were failures at every level. Let’s start at the top, with PercSoft. They are not telling anyone how the attackers got in, so we don’t know for sure how the initial attack happened yet. We do know that these attacks usually come from an open RDP port on the firewall or an email phishing attempt. The FBI is investigating, so we will probably know soon enough. PercSoft should have had policies in place to alert them to new software being installed, rapid changes to files, and so on; these are pretty standard. So either they did not have the policies or they were not paying attention to their alerting system.
The Digital Dental Record probably had no idea until it was too late because the data is hosted at PercSoft.
How can this be prevented?
The FBI has published a list of things you can do to prevent ransomware attacks; see this document. I have listed some bullet points below that will help you prevent most attacks.
- Have a business-grade router with current vendor support
- Close any ports that are not needed, especially RDP
- Your managed services company should be monitoring and logging your traffic
- Use Microsoft’s Active Directory for centralized user management and policies
- Set up File Server Resource Manager (FSRM) to detect rapid file changes or encryption
- Have up-to-date anti-virus and anti-malware
- Pay for a better anti-spam filter for your email
- Make sure you have DKIM, SPF, and DMARC configured
- Limit local admin access
- Keep Windows up to date
- Configure file shares with just the access each user needs
- Use policies like AppLocker to only allow specific programs to run
- Do regular security training on things like email phishing
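As an added illustration of the FSRM item in the checklist above (example code, not part of the original post or any vendor's tooling), this script puts an active file screen on a file server share so that writes of file names typical of ransomware are blocked, logged to the Event Log, and e-mailed to an admin. The share path `D:\Shares`, the SMTP server and e-mail addresses are placeholders, and the extension list is a small constructed sample.

```powershell
# Added example (not from the original post): configure File Server Resource Manager (FSRM)
# on a Windows file server so that attempts to write files with known ransomware
# extensions or note names onto a share are blocked and raise an alert.
# Assumptions: the share lives under D:\Shares; SMTP server and addresses are
# placeholders; the pattern list is a small constructed sample, not a complete one.

# 1. Install the FSRM role service (run from an elevated PowerShell on Windows Server).
Install-WindowsFeature -Name FS-Resource-Manager -IncludeManagementTools

# 2. Tell FSRM where to send e-mail notifications (placeholder values).
Set-FsrmSetting -SmtpServer "smtp.example.invalid" `
                -AdminEmailAddress "it-alerts@example.invalid" `
                -FromEmailAddress "fsrm@example.invalid"

# 3. Define a file group of extensions and ransom-note names ransomware families
#    commonly leave behind. Constructed sample; extend it from a maintained list.
$patterns = @(
    "*.locky", "*.crypt", "*.cerber", "*.zepto", "*.encrypted", "*.crypted",
    "*.wncry", "*.wcry", "*.ryk",
    "HOW_TO_DECRYPT*.txt", "*DECRYPT_INSTRUCTION*", "*_HELP_instructions*"
)
if (-not (Get-FsrmFileGroup -Name "Ransomware Indicators" -ErrorAction SilentlyContinue)) {
    New-FsrmFileGroup -Name "Ransomware Indicators" -IncludePattern $patterns `
        -Description "File names and extensions typical of ransomware activity"
}

# 4. Actions taken when the screen trips: write a Warning to the Event Log (so the
#    MSP's monitoring agent can pick it up) and e-mail the admin address. The
#    bracketed tokens are FSRM message variables filled in at notification time.
$body = "Ransomware indicator written by [Source Io Owner] to [Source File Path] on [Server]"
$eventAction = New-FsrmAction -Type Event -EventType Warning -Body $body
$mailAction  = New-FsrmAction -Type Email -MailTo "[Admin Email]" `
                   -Subject "FSRM: possible ransomware activity on [Server]" -Body $body

# 5. Apply an active (blocking) file screen to the share root; it covers subfolders.
New-FsrmFileScreen -Path "D:\Shares" -IncludeGroup "Ransomware Indicators" `
    -Notification @($eventAction, $mailAction) -Active
```

Because many current ransomware families use random extensions, treat this screen as one signal and pair it with the traffic and change monitoring from the other checklist items rather than relying on the pattern list alone.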
Quick MSP will be more than happy to help you with most of these services, and if there is something we can’t do, we can recommend a company that can!