Ransomware Attack Hits 400 Dental Offices Across the US

A ransomware attack has shut down computers in dental offices across the US.

The attack struck on Monday morning by targeting The Digital Dental Record, a provider of IT software to dental practices. Specifically, the ransomware hit a "cloud remote management" system related to the DDS Safe product, the company said on Facebook.

"We worked feverishly with the software company to shut it down and remove the threat, but many of you were hit in the process prior to them removing it and locking down the system," The Digital Dental Record said on Tuesday.

About 400 dental practices have been affected nationwide, the company told PCMag. The news was first reported by local media outlet WISN 12 News.

Ransomware attacks infect a computer and encrypt all the information inside. In theory, paying a ransom to the hacker—usually in Bitcoin—will release those files. We don't recommend ever paying a ransom as it could incentivize more attacks, but some healthcare and city IT system operators have done so out of desperation. Demands have reached into the millions.

In this case, there's evidence to suggest The Digital Dental Record decided to pay the hackers. A mere day after the outbreak, the company and its IT partner, PerCSoft, quickly obtained decryptors that can fix computers locked by ransomware.

One user who received the decryptor posted on Facebook the decryption program is called "REvil," a ransomware strain that also goes by the name Sodinokibi. Despite the decryptor, it can take hours to release a computer. In the meantime, The Digital Dental Record and PerCSoft have been inundated with calls from affected dental offices.

"The main reason we are slow or unresponsive is that people are emailing and calling 20 or 30 times a day," PerCSoft said in a statement to affected clients. The company's Facebook page has been filled with user complaints about the slow response times.

"More and more lost hours and revenue with patients getting more and more frustrated. Very embarrassing for all of us. STILL no decryption running on our server," wrote one user. "This will make for a fun holiday weekend of catch up if our system gets restored."

"I hope you understand that our offices are not seeing patients and therefore generating no income which trickles down to our employees," wrote another user.

A big question is whether patient data, which can include Social Security numbers and other personal information, was stolen in the attack. The Digital Dental Record has so far only said: "This was a virus attack, not a data hack. No data is accessed or moved in these instances, it is locked and then has to be unlocked."

If you're hit by an attack, it's best to find out which ransomware strain infected your computer, and to check whether the IT security community has developed a free decryptor for it.

The Digital Dental Record told PCMag so far about 100 dental practices have fully or partially recovered from the attack. However, the company has remained mum on which ransomware strain was involved and if the hackers were paid off.

"We deeply regret the frustration and inconvenience this has caused our clients, and we are working diligently with them and the software company to restore files as quickly and completely as possible," the company said. "Restoration is a slow and methodical process that could take several more days to complete. Additionally, we are actively communicating with clients to answer questions, facilitate contact with appropriate insurance carriers and address other business concerns."

"In conjunction with law enforcement, we are actively investigating the incident and will provide more information when we are able," the company added.

Editor's Note: This story has been updated to include information about the decryptor and a statement from The Digital Dental Record.