A Sarrell Dental data breach has led to notification letters being sent to all of its patients after ransomware was discovered on its servers back in July. The software, believed to have been installed as early as January 2019, does not seem to have locked up the network or encrypted any files, and Sarrell Dental, the largest dental provider in the state of Alabama, did not pay any sort of ransom.
However, this is still a serious matter. Sarrell actually shut down its entire network for two weeks following the data breach and hired outside experts to investigate the discovery. The company found no evidence that any patient information was accessed, stolen or compromised, but they are not taking any chances. All individuals who were believed to have been affected by the Sarrell Dental data breach, although that total number has not been disclosed, reportedly received notification letters last month. These letters contained instructions for receiving free credit and identity monitoring for a predetermined period of time.
Medical offices are hot targets for this kind of attack due to the sheer volume of data they collect on patients. Also, the resulting fines and lawsuits related to privacy violations and interruptions to patient care can lead many providers to simply pay the demanded ransom, which can lead hackers to strike in hopes of a nice payoff.
Unfortunately, as some organizations have already learned, paying the ransom in this kind of event does not guarantee the files will be unlocked or the data that was compromised will not be stolen or used. In some reports, hackers have not only withheld the unencryption key following receipt of the ransom payment, but they were also actually unable to unlock the network due to the type of ransomware they had used.
Sarrell’s patients received their notification letters beginning around September 12, 2019. However, there is a strict deadline for taking advantage of the security tools that Sarrell Dental is providing to affected patients following the Sarrell Dental data breach. All applications must be completed by December 12, 2019, and instructions for signing up are in the notification letter.
You might also like…