Ransomware attack hits over 400 dental practices

  Download/Print Risk Alert (PDF)

ADA News (8/30) reports, “An estimated 432 dental practices were potentially affected Aug. 26 in a ransomware attack involving DDS Safe, a service from The Digital Dental Record, a subsidiary of the Wisconsin Dental Association, that provides IT products and services to dentists.” The DDS Safe service is used by some dental practices to back up computer system data.
ADA News reports that in a statement to Wisconsin Dental Association members, “Executive Director Mark Paget said the Wisconsin Dental Association Insurance and Services Corp. and IT partner PerCSoft were investigating the scope of the attack with the FBI’s Cyber Crimes Task Force to determine next steps.”
The Wisconsin Dental Association Insurance and Services Corp. advised affected practices to contact their business insurance, cyber insurance, and professional liability carriers to determine if coverage is available and start the claims process.

The ADA advises that dentists can take several steps to protect themselves against phishing and other cyberattacks, including training staff on basic data security, backing up data regularly and keeping a copy off-site, being wary of suspicious emails with attachments and web links, and maintaining anti-virus and anti-malware software. To learn more, ADA member dentists can visit Success.ADA.org. The ADA also offers a continuing education course on phishing and ransomware at ebusiness.ADA.org.
The Federal Trade Commission also offers resources for small businesses to help protect against phishing and other cybersecurity threats at: https://www.ftc.gov/tips-advice/business-center/small-businesses.
The U.S. Department of Health and Human Services has educational materials specifically designed to give HIPAA covered entities and business associates information on how to respond to the threat of cybersecurity incidents: https://www.hhs.gov/hipaa/for-professionals/security/guidance/cybersecurity/index.html.
Additional guidance is available at HealthIT.gov.
IRS penalties for failure to follow ACA employer mandate
On September 1, 2019, “Newsday” reported that even though the federal tax under the Affordable Care Act on uninsured individuals is no longer valid, the mandate that employers of a certain size must provide health insurance for all full time employees is still in effect. Such employers that fail to comply face financial penalties. The “Newsday” article states that “IRS penalty notices are being issued, and experts expect penalties to increase for the 2019 tax filing season.”
It is therefore imperative that all dental practices know if they fall under the size requirement of this provision of ACA and comply if they are included. The IRS states that if an employer has at least 50 full-time employees, including full-time equivalent employees, on average during the prior calendar year, the employer is subject to the ACA employer shared responsibility provisions and the employer information reporting provisions.
Detailed information can be found at: www.irs.gov/affordable-care-act/employers/determining-if-an-employer-is-an-applicable-large-employer