The ransomware attack was carried out by the Conti ransomware operator in November 2020.
A dental clinic in Georgia, Galstan & Ward Family and Cosmetic Dentistry, suffered a ransomware attack. Interestingly, the facility discovered it after the attackers called to inform them about the attack.
Drs. Galstan and Ward did notice that their computer systems displayed some anomalies. However, they ignored them and called in an IT expert to wipe the server and reinstall it from backup. They didn’t detect any data loss, and the service wasn’t disrupted either.
Then they received a phone call from the attackers and learned that their server had been accessed and that several files were later posted on the dark web. The group also demanded a ransom from Drs. Galstan and Ward.
After identifying the ransomware attack, the practice contacted outside counsel and engaged a cyber-security firm to carry out forensic analysis and determine the best remediation services.
The practice issued a notification to its patients on Nov 13th, 2020, explaining that the intrusion occurred between Aug 31st and Sep 1st and that they learned about it after the hackers informed them about the security breach.
On Sep 11, according to Databreaches.net, they found out that many of the files stored on their server were posted on a dark web website. The practice confirmed that none of the stolen files contained patients’ data.
However, they will offer the affected patients free identity theft restoration and credit monitoring services through IDX.
The security firm assessed the restored server and confirmed that it was free of malware. They couldn’t find any evidence that confidential patient data stored in the facility’s software systems were accessed or stolen.
Reportedly, at least 10,759 patients have been impacted by the incident. On Nov 6th, the HHS was informed about the attack.
A further probe revealed that Conti threat actors were responsible for the attack, since the Conti ransomware strain was used to compromise the dental clinic’s server. After gaining access, the attackers uploaded 20 files as proof of access.
However, the practice claims that the files didn’t contain PHI, only documents and file templates from the dental office’s Dentrix system.