BreachExchange mailing list archives
Ransomware Hits Another IT Vendor, Impacting 100 Dental Providers
From: Destry Winant <destry () riskbasedsecurity com>
Date: Thu, 12 Dec 2019 09:01:42 -0600
https://healthitsecurity.com/news/ransomware-hits-another-it-vendor-impacting-100-dental-providers

December 09, 2019 - Complete Technology Solutions, a Colorado-based IT service vendor for dental practices, recently fell victim to a ransomware attack, which spread to at least 100 of its dentistry practice clients, according to Krebs on Security. CTS provides those clients with various services, including data backups, network security, and voice-over-IP phone service.

Several clients of CTS reached out to Krebs to report the ransomware variant known as Sodinokibi was installed on more than 100 dentistry businesses. Sodinokibi is a malware variant known to target IT managed service providers and their clients. A Coveware analysis showed the ransomware also targets larger organizations or their distributed networks through their IT MSPs or hosting internet service providers.

The attack appears to have started on November 25, where it appears the hackers compromised a remote administration tool used to remotely configure and troubleshoot client offices. The function did not require further authentication by the client to gain access.

CTS declined to pay the ransom demand of $700,000 to unlock data at all impacted client offices. Many providers are still reporting outages and are operating under downtime.

Some dental providers are attempting to regain access to data from usable, offsite backups, but others are working with outside security experts to negotiate with the hackers to pay a ransom to decrypt the files of their own dental office. Reportedly, hackers left multiple ransom notes and encrypted file extensions at some of the infected offices, which is complicating restoration efforts. For example, one victim with 50 total infected devices received 20 ransom notes.

For now, the attack is still ongoing and many of the impacted offices are continuing to turn away patients as a result of the system outages.

CTS did not respond to a request for comment by time of publication. This story will be updated if more information becomes available.

The CTS cyberattack comes just months after a similar attack on another dental vendor, Digital Dental Record and PerCSoft. In August, a ransomware attack on the vendors’ cloud remote management software spread to at least 100 connected dental providers, which locked those victims out of their medical records. The attack lasted for more than a week, as victims attempted to unlock files using the decryptor provided by the vendor.

The CTS event also bears hallmarks of the November ransomware attack on the IT vendor Virtual Care Provider, which impacted more than 110 nursing homes and acute care facilities.

Hackers continue to launch ‘disruptionware’ attacks, where threat actors attempt to disrupt business and continuity through malware designed to halt operations, damage reputations, extort money, or other malicious activities.

“For OT environments, disruptionware is particularly devastating when it sequesters mission-critical systems and legacy systems that lack redundancy,” according to the Institute for Critical Infrastructure Technology.

“Ransomware is currently the most common disruptionware component, with incidents such as the LockerGoga ransomware campaign demonstrating that even unsophisticated malware has the capacity to bring businesses to a halt,” they added.

In light of the increase of these targeted attacks, the Office for Civil Rights recently shared HIPAA-compliant techniques that can help shore up healthcare defenses. And as threat detections on healthcare endpoints have jumped 60 percent this year, so far, Malwarebytes recently stressed the need for better incident response planning and improved detection technology.