The ransomware attack was carried out in November 2020 by the operator of Conti ransomware.
Galstan & Ward Family and Cosmetic Dentistry, a dental practice in Georgia, suffered a ransomware attack. Interestingly, the facility found out about it after the attackers called to warn them about the threat.
Drs. Galstan and Ward noticed that their computer systems were showing some irregularities. They did not pursue it further, though, and called in an IT specialist to wipe the server and reinstall it from backup. They found no data missing, and service was not interrupted either.
They then received a phone call from the attackers and learned that their website had been accessed and that some files had afterwards been uploaded to the dark web. The caller also demanded a ransom from Drs. Ward and Galstan.
After discovering the ransomware attack, the company contacted outside counsel and hired a cyber security company to carry out a technical investigation and assess the appropriate remediation services.
On Nov 13th, 2020, the practice sent a notice to its patients stating that the attack happened between Aug 31st and Sep 1st, and that they learnt about the security breach when the hackers told them about it.
According to Databreaches.net, they found out on Sep 11 that many of the files saved on their server had been posted on a dark web forum. The practice stated that none of the compromised files contained patient data.
They will, however, provide free identity theft repair and credit monitoring services via IDX to the impacted patients.
The security company tested the restored server and verified that it was malware-free. It found no evidence that the attackers had manipulated or stolen sensitive patient data held in the practice's information systems.
At least 10,759 patients have reportedly been affected by the incident. HHS was informed of the attack on Nov 6th.
Further details showed that Conti threat actors were responsible for the attack, because the Conti ransomware strain was used to hack the dental clinic’s registry. After obtaining access, the attackers offered 20 files as evidence of that access.
The practice reports, however, that the archives did not contain PHI, but rather the records and file models of the dental office’s Dentrix system.