One Cyber Incident – Three Possible Outcomes

Scenario #1: A dental practice manager arrives at the office and starts up her computer. Her screen flashes a notice that the system has been locked and demands a ransom of $4,900 to provide the key to access the data. She panics – patients will be arriving in less than 30 minutes and now there is no access to the schedule, online patient data, billing or email. She dials her local IT consultant and leaves a message on the voice mail.

Other staff arrive, but no one else knows what to do either, as all of their systems come up with the same ransom message. Patients begin to come in for their appointments and there is still no call back from the IT consultant. The practice manager calls another firm that installed a firewall for them two years prior and is advised to restore from the backups. No one at the practice knows how to do this, so another call is placed to the IT consultant. Hours later, the consultant arrives on-site and determines that the automated backups had been failing for weeks, and the last good backup fails to restore.

The practice decides to pay the ransom because they have to get their files back. They send the $4,900 to the hackers, and 24 hours later they do get a key to access the data. Meanwhile, the practice manager contacts their attorney to see if they have any legal recourse and is advised that since the data was accessed, the practice needs to report the breach, notify HHS and their patients, and offer free credit monitoring to almost 4,000 patients. Over the coming months, the bills keep coming for IT assistance, the attorney, notification costs, and credit monitoring. The practice submits them to their commercial carrier, only to learn that they have a $50,000 deductible on their commercial policy, so the $49,428.79 they have paid will not be reimbursed.

Scenario #2: A dental practice manager gets a call from her IT consultant that patient data attributed to their practice was detected on the dark web, and an incident needs to be reported. She accesses the portal and requests Breach Response. Within 20 minutes she is contacted and connected to a cyber forensics group that uncovers the backup issue and confirms that the FBI does not have a key for this particular ransomware, so the only hope to get the data back is to pay the hackers. Payment is submitted via the cyber team using the $100,000 coverage that was included with the breach response program, and the data is restored. The breach response attorney explains the notification requirements and walks the manager through the process. The legal and notification costs are also covered in full by the breach response policy. The office is back up and running within 48 hours, with the breach response insurance policy covering the $49,428.79 breach expenses in full.

Scenario #3: A dental practice manager gets a call from her IT consultant that login credentials attributed to their practice were detected on the dark web. The login and password in question belong to one of the dentists on staff, whose account has access to all data. The consultant works with the practice manager to force a password reset for all accounts. A possible breach is reported via the breach response portal, and the cyber forensics team reviews logs and is able to determine that no data was accessed from the outside using the exposed credentials, and no breach has occurred.

Which scenario would you hope for as the practice manager? As the MSP? If you don’t have Breach Response in place before something like this happens, you will likely face the pitfalls and unexpected financial impacts of Scenario #1.

Tracy Fox