By: Lorne Lavine, DMD
As anyone who follows me online knows, I believe that ransomware is the biggest threat to the dental industry right now. For those unfamiliar with it, ransomware is a class of malware, like viruses, that attacks your computers and network. What makes it unique is that it locks your files and requires that you pay a fee, or “ransom,” to get the files unlocked. The ransom can start as low as a few thousand dollars, but in many cases, it’s significantly more than that.
If you live on the East Coast, then you are very familiar with these attacks, as Colonial Pipeline was recently attacked and it caused havoc for days at the gas pumps. Other recent well-known victims include Kaseya, JBS Foods, Accenture, and as I write this, news that T-Mobile had 47 million accounts compromised is just breaking. Colonial ended up paying a $5 million ransom to decrypt their files. While a company like Colonial should have had better cybersecurity in place, many dental labs don’t have the resources or manpower to have the same level of protection.
In the past, and still to this day, we take a three-pronged approach to ransomware, all of which I have discussed with my clients and prospective new clients. First, we keep the bad guys out through installation of a business-class firewall and by making sure we patch all vulnerable software on our computers. For the firewall, look at models from companies like Sophos or SonicWall; you want to stay away from consumer-level routers like Linksys and D-Link and you definitely don’t want to depend on the firewall that comes with your cable modem. For patching, talk to a good IT provider; this can be tricky to set up and is required if your lab contains any HIPAA-sensitive protected health information.
Secondly, if the virus does get in, we have antivirus and anti-ransomware software to neutralize it. While many antivirus software vendors will tell you they do a good job against ransomware, in most cases, they don’t. I’d consider anti-ransomware software such as Intercept X and HitmanPro.
Finally, if all else fails, we have an encrypted backup we can restore from, and cyber liability insurance to deal with the HIPAA ramifications of the breach (yes, a ransomware infection is a HIPAA breach!). The backup should be an exact duplicate of the server to allow for quick restores. We call this an “image” of the server. You need to supplement this with offsite backup, either cloud or external hard drives or a combination of the two.
Recently, though, a new tool has been added to our arsenal that I am very excited about, and that’s called application whitelisting. Another similar concept is called ringfencing. While the term may be unfamiliar to many of you, the concept is actually pretty easy to understand. The system we use is called ThreatBlock.
All viruses, including ransomware, are just small programs; they are a series of instructions that get executed in a specific order. In ransomware, that’s usually something along the lines of hiding itself at first, then turning off your antivirus programs, then encrypting and/or deleting files, then placing a “ransom” note on each PC, etc. The way that application whitelisting works is that we run the software on your presumably-uninfected computers for a week or two. During that time, the software takes inventory of every program that is running, including your lab management software, email, third-party programs…you get the idea. All of those programs are added to the approved list of programs that are allowed to run.
After a week or two, we then flip the switch on the software from learning mode to what’s called “deny all” mode. If any program that isn’t on that approved list tries to run, it gets stopped immediately; the software will deny that and any other software from running unless it’s on the list. Basically, the ransomware cannot execute its program since it isn’t allowed to run.
The beauty of the modern systems is that, as an IT provider, we can accumulate the data from all our clients and build up a list of approved programs that can be applied to all dental offices. So, for example, if a lab is switching to a new program, it won’t trigger the deny mode since that software is already in our approved global list of accepted software.
The only time that a lab would deal with a temporary issue is if they are the very first client of ours to install an update to their software. Since ThreatBlock hasn’t yet been exposed to that update, it will consider it to be unapproved software and it won’t run. This, however, is not a big deal at all! You’d fill out the pop-up that is shown, which sends us an alert, and we clear the software to be installed. The entire process takes about two minutes. The news is even better if your lab is the second or later lab to update your software. Since the first lab’s update was added to the global whitelist, it won’t trigger an alert for any future people who try to run it.
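The learning, “deny all,” and global-list workflow described above can be modeled in a few lines. This is an added illustration, not code from ThreatBlock or from the original article; it assumes a program is identified by the SHA-256 hash of its file contents, and the class names, lab names, and sample “program files” are hypothetical and constructed for the example.

```python
import hashlib

def fingerprint(program_bytes: bytes) -> str:
    """Identify a program by the SHA-256 of its contents (assumed identity rule)."""
    return hashlib.sha256(program_bytes).hexdigest()

class GlobalAllowlist:
    """Provider-wide approved list shared by every site (hypothetical model)."""
    def __init__(self):
        self.approved = set()
        self.pending = []          # (site, program name, hash) awaiting review

    def approve(self, digest):
        self.approved.add(digest)
        self.pending = [p for p in self.pending if p[2] != digest]

class Site:
    def __init__(self, name, shared):
        self.name, self.shared = name, shared
        self.local = set()
        self.learning = True       # inventory phase on a presumed-clean PC

    def enforce(self):
        self.learning = False      # flip from learning to "deny all"

    def try_run(self, prog_name, program_bytes):
        digest = fingerprint(program_bytes)
        if self.learning:
            self.local.add(digest)     # anything seen while learning is approved
            return "allowed (learned)"
        if digest in self.local or digest in self.shared.approved:
            return "allowed"
        self.shared.pending.append((self.name, prog_name, digest))
        return "denied"            # blocked, and an alert is queued for review

def demo():
    shared = GlobalAllowlist()
    lab_a, lab_b = Site("lab-a", shared), Site("lab-b", shared)
    lms_v1, lms_v2, unknown = b"labmgmt 1.0", b"labmgmt 1.1", b"encryptor"  # constructed
    results = []
    for lab in (lab_a, lab_b):
        results.append(lab.try_run("labmgmt.exe", lms_v1))
        lab.enforce()
    results.append(lab_a.try_run("invoice.pdf.exe", unknown))  # never inventoried
    results.append(lab_a.try_run("labmgmt.exe", lms_v2))       # first lab to update
    shared.approve(fingerprint(lms_v2))                        # provider clears it
    results.append(lab_a.try_run("labmgmt.exe", lms_v2))
    results.append(lab_b.try_run("labmgmt.exe", lms_v2))       # second lab: no alert
    return results, shared.pending
```

The model also shows why the learning period must start on a clean machine: anything that runs while `learning` is true is approved without review.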
I am very excited about this technology. We have beta tested it with numerous offices; it takes less than five minutes per PC to install and everything is done behind the scenes. Most of the better systems I’ve evaluated run around $100 per location per month. It’s not cheap, but compared to all the consequences of being hit with ransomware, many will consider it a small price to pay for the peace of mind you get to sleep at night knowing you are as protected as any business out there.
Reprinted from the October 2021 Issue of the Journal of Dental Laboratory Technology (JDT)
About the Author:
Dr. Lorne Lavine, founder and president of The Digital Dentist, has over 30 years invested in the dental and dental technology fields. A graduate of USC, he earned his D.M.D. from Boston University and completed his residency at the Eastman Dental Center in Rochester, N.Y. He received his specialty training at the University of Washington and went into private practice in Vermont until moving to California in 2002 to establish TDD, a company which focuses on the specialized technological and HIPAA needs of the dental community. Dr. Lavine has vast experience with dental technology systems. He is a CompTIA Certified A+ Computer Repair Technician, CompTIA Network+ certified, and is a HIPAA Certified Security Professional. As a consultant and integrator, he has extensive hands-on experience with most practice management software, image management software, digital cameras, intraoral cameras, computers, networks, and digital radiography systems. Dr. Lavine writes for many well-known industry publications and lectures across the country.