Dentists are remarkable individuals with much to offer and share with fellow dentists. In this section, which we call the “Masked Dentist”, we present real-life stories in the hope of shedding some light on the most commonly encountered issues in clinical dentistry and the delivery of dental care. These stories are presented by dentists of all ages, backgrounds, and experiences.
If you have an experience that could be a valuable experience for your colleagues, please be generous and consider sharing it with us and your colleagues on Oasis Discussions. We encourage you to send your stories through email, phone or by uploading your documents and pictures through our Oasis Discussions website.
All stories are moderated by the CDA Oasis Team, are edited to remove obvious identifiers, and are published anonymously to protect your identity.
The following story is presented by a general dentist:
You think you’re protected: Computer vulnerabilities are real and a serious threat to the livelihood of your practice!
It started as a normal day at the office, or so we thought…
As usual, I was busy at the back with patients and staff at the front desk were busy welcoming patients. During the course of a normal day, email is our means of communicating with patients, referring offices and others. However, that day would prove to be “special”.
A team member opened what she had thought was an email from one of our regular referring offices with the subject line ‘Invoice’ and zip file attachment. As soon as she clicked to open the email, the “zip” file started encrypting all of our databases. Not only that, it also sought all the databases housed on our network and encrypted EVERYTHING! The email contained a malware that encrypted all our data and demanded a ransome to release it.
Petrified, we thought we lost everything: all patient and other records, radiographs, periodontal charts, the office schedule! We were stunned: this is the day you think you had prepared for and protected against but, much to our chagrin we were STILL ill-prepared. How could this happen?
Our office has adopted the ‘paperless approach’ for over 10 years. Our infrastructure consists of one server with two mirrored hard drives. We schedule daily back-ups on tape drives that are removed daily from the office at the end of the day. We always run the scheduled and latest version of antiviral software on all our computers. Our information technology support team (IT) regularly reviewed our backup tapes and told us that everything looked fine.
Although we immediately shut down all office computers, it was too late to reverse the damage. Quickly, our IT team tried to restore our system, using the back-up tapes; however, the back-ups didn’t contain the original databases! My IT experts reached out to a colleague in an another IT organization; they remotely ran a program that attempted to access the most recent back-up, one hour before the corrupted email was received, but the operation failed too!
A real disaster, our worst nightmare! Not only did I feel helpless, I was humbled. I thought we did everything that needed to be done in preparation for this day, but the reality was different. There was nothing I could do!
The ‘virus’ that attacked our IT system was called “Ransomware”. Initially, when IT was attempting to fix the system, we received messages stating that we could decrypt one file for free. It was worth a try so, we chose a patient letter and within 30 seconds it was back to its original form. We ended up paying a ‘ransom’ of $500 USD in ”bitcoins”, another online nightmare as it is an untraceable service and difficult to purchase in Canada. Within 48 hours, we were completely restored and back to where we were before opening the infected email.
This was probably one of the most stressful situations I have encountered in my dental career. The medico-legal and financial implications from the fallout would have been devastating to my patients, the practice and my career. Computer security and privacy are REAL issues that we MUST be better prepared for.
Share your story if you have been in the same situation, you may help a colleague firstname.lastname@example.org
Anne Genge, CEO, Co-Founder of Healthcare Compliance Network Inc. spoke with Dr. John O’Keefe about what dentists must do to protect themselves against this and other similar situations.