Ransomware Attack on Dental Software Infects Hundreds of Providers

August 30, 2019

Target: PerCSoft, a cloud management provider for Digital Dental Record

Type of Attack: Ransomware – Sodinokibi (REvil) strain

  • Sodinokibi, also known as Sodin and REvil, is a new strain of ransomware-as-a-service (RaaS) that replaced the defunct GandCrab service. Since its first appearance in April 2019, it has rapidly become the 4th most common ransomware strain.

Total Estimated Cost of Attack: Unknown

What happened: On August 29, 2019 it was reported that the infrastructure provider of Digital Dental Record, PerCSoft, was breached and the software was used to deliver ransomware to about 400 of its customers. The breach was discovered on Monday August 26, 2019. Digital Dental Record archives records, charts, insurance information, and more for dental service providers.

It is being reported that PerCSoft and Digital Dental Record paid the ransom and are working with all impacted Dental Offices to gain access to their files. It is unknown if the ransom was paid by insurance or by one of the companies involved in this breach. Some offices are still unable to provide services to their patients, or only have access to some of their data. Others are reporting that the decryptor didn’t work after the ransom was paid.

The frequency of these types of attacks is accelerating and, increasingly, attackers are focusing on smaller entities, such as local governments and small businesses, who are less likely to have sophisticated software protection, policies and training for their staff. Unfortunately for those targeted, because they are smaller organizations, they frequently have less ability to absorb the productivity, reputational, and cash flow hits caused by such an incident. In this situation, several of the affected dental service providers reported concern that they would not be able to make payroll this week.

What you can do: 

Be prepared.

  • Train employees on cyber security basics, such as password hygiene and ransomware methods such as phishing
  • Ensure you are keeping your software patches up-to-date
  • Always maintain current backups of your data.

Sources – Krebs on Security, ZDNet, TechSpot

Signup for our monthly newsletter to learn more about Data Protection

By completing and submitting this form, you confirm that you agree to the storing and processing of your personal data by Code42 as described in our Privacy Statement.