Dental backups at Seasons of Smiles Dental.

Dental data backups at Seasons of Smiles Dental.

This weekend, this email came through my inbox (check it out below). As a dentist, my computer data backups are a huge concern for me. One of the biggest nightmares is coming to the dental office on Monday morning and finding the computers not working. As the email attests, it appears that this may have happened to many of my colleagues.

Here are the four methods I would recommend for backing up your dental software. The more you can implement, the better.

We are a relatively small office that takes a ton of photos, as well as a fair share of x-rays. As of Labor Day 2019, we are running close to 70 gigabytes of data. With that in mind, here are my recommendations.

Recommendation #1) Local backup with an external hard drive. I am currently using a Seagate Backup Plus Hub. If you check on Amazon, you can pick up a six-terabyte hard drive for $139.00. This price is very reasonable. This little box sits next to my server. At the end of each workday, I turn off Eaglesoft and run a batch file that makes a copy of my data folder to multiple locations. I do not move this external hard drive. The Seagate external drive always sits there next to our server.

Recommendation #2) Local backup #2. I would also recommend a secondary dedicated computer for backups. At the end of each work day, put a copy of all the office data on the second machine. The only use for this computer is to hold a backup copy of all the data. The upside to this idea is that if my server ever dies, for any reason, there is a computer sitting on the side, ready to boot up as the primary server. I think this is something that Eaglesoft can easily do within their software, and I have repeatedly asked them to do this for us. I have been asking for 10 years; I can only hope.
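A sketch of the end-of-day copy described in Recommendations #1 and #2, written in PowerShell as an added example; it is not the batch file used in this office. It copies the data folder into a new dated folder at each destination, then re-reads every copy and compares SHA-256 hashes with the source, so a failed or partial copy is reported instead of silently trusted. The source folder, drive letter and computer name are placeholders (assumptions), and it should be run after the practice software has been closed, as described above.

```powershell
# Added example: dated, verified copies of a data folder to several destinations.
# All paths below are placeholders (assumptions); replace them with your own.
param(
    [string]   $Source       = 'D:\PracticeData',                      # placeholder data folder
    [string[]] $Destinations = @('E:\Backups', '\\BACKUP-PC\Backups')  # placeholder targets
)
$ErrorActionPreference = 'Stop'

# Hash every file under $Root, keyed by its path relative to $Root.
function Get-TreeHashes([string] $Root) {
    $rootPath = (Resolve-Path -LiteralPath $Root).ProviderPath.TrimEnd('\')
    $hashes = @{}
    Get-ChildItem -LiteralPath $rootPath -Recurse -File | ForEach-Object {
        $relative = $_.FullName.Substring($rootPath.Length + 1)
        $hashes[$relative] = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
    return $hashes
}

# Copy $Source into a new dated folder under $Destination, then re-read the copy
# and compare it file by file against the source hashes.
function Backup-AndVerify([string] $Source, [string] $Destination, [hashtable] $SourceHashes) {
    $snapshot = Join-Path $Destination (Get-Date -Format 'yyyy-MM-dd_HHmmss')
    New-Item -ItemType Directory -Path $snapshot -Force | Out-Null
    Copy-Item -Path (Join-Path $Source '*') -Destination $snapshot -Recurse -Force
    $copyHashes = Get-TreeHashes $snapshot
    # A file that is missing from the copy hashes to $null, so it is listed as failed too.
    $bad = @($SourceHashes.Keys | Where-Object { $copyHashes[$_] -ne $SourceHashes[$_] })
    [pscustomobject]@{ Snapshot = $snapshot; Files = $SourceHashes.Count; Failed = $bad }
}

$sourceHashes = Get-TreeHashes $Source
$failed = $false
foreach ($dest in $Destinations) {
    $result = Backup-AndVerify $Source $dest $sourceHashes
    if ($result.Failed.Count -gt 0) {
        $failed = $true
        Write-Warning "$($result.Snapshot): $($result.Failed.Count) file(s) missing or different"
        $result.Failed | ForEach-Object { Write-Warning "  $_" }
    } else {
        Write-Output "$($result.Snapshot): $($result.Files) file(s) copied and verified"
    }
}
if ($failed) { exit 1 }   # nonzero exit code so a scheduled task can flag the failed run
```

Each run creates a new dated folder rather than overwriting the previous copy, so older versions remain available until they are deleted to free space.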

Recommendation #3) Use a cloud service. I am currently using Google Drive. The username/password needs to be robust. I am currently using Eaglesoft, and Eaglesoft assures me that all our data is encrypted. So, in theory, if our Google Drive is ever compromised, the data is still encrypted through Eaglesoft. Maybe I am naive, but I would like to think of it as double safe.

  • It is $4.99 per user per month. You only need one user.
  • Google provides the option to make it HIPAA compliant, free of charge.
  • It’s pretty robust.  It’s as good as the internet coming into the office.
  • The upside with having data in the cloud is that if the office should ever burn down, the data would be safe.

Recommendation #4) The last option would be to use an outside service that will do it all for you, such as Patterson Dental’s PattLoc or Digital Dental Record’s DDS Safe. I do believe that Henry Schein offers this type of service as well. The upside to this idea is that you can pay and forget about it. This is the easiest way to implement backups, but it may cost the most. This method is not foolproof as the email below can attest. As of today, I do not use this method.

I am open to making these four recommendations for dental data backups with the idea that you may see some deficiencies in my recommendations and may want to add to the conversation. Please leave your comment below.

Hey Cory, Well, we have had a rough week. On Monday, we were welcomed by Ransomware on our server. You may have seen it in the news:

https://www.cnn.com/2019/08/29/politics/ransomware-attack-dental-offices/index.html

https://krebsonsecurity.com/2019/08/ransomware-bites-dental-data-backup-firm/

 

So, we chose to contract with The Digital Dental Record for cloud backup of our data. It was endorsed by the American Dental Association, the Minnesota Dental Association, and approx. 30 other state associations. The Digital Dental Record developed DDS Safe as their product, and then they subcontracted administration to another IT company named PerCSoft. PerCSoft was attacked, and that’s how the hackers gained access to our server (through our cloud backup connection). DDR has approximately 900 clients, and we were 1 of about 500 that were affected.

 

We consider ourselves lucky, because we had a local backup. We were able to reinstall onto a new computer, and our office experienced no downtime. I’m in a number of Facebook groups with dental offices (and even dental universities!) that *only* had DDS Safe as their backup. It appears that PerCSoft paid the ransom (our individual ransom was $4000, so I can’t imagine what they had to shell out), and they received the decryption key. It has been working ok, but it seems like it’s taking them a long time. A lot of offices are STILL down – which is why I think we are lucky that we had an onsite local backup (onto an external hard drive).

 

I wanted to relay this all to you for several reasons:

  1. If you’re in a position to encourage your clients to have multiple ways that they back up their data, that will help them in the long run. We had the Trojan virus attack in the spring, which DID NOT affect our server, but we had to get all new workstations. The reason that it was okay was that we had a cloud-based backup (DDS Safe), so we didn’t lose any data. Now, DDS Safe was compromised, but the reason we are ok is that we had an onsite backup. Both are important.
  2. I wanted to see if you’ve heard if any of your other clients were impacted by this? I’m looking for guidance on how to handle this HIPAA-wise. I’ve contacted the ADA (since they ENDORSED this product, which is the reason I chose it!), and I’m seeing a lot of consultants on the Facebook groups mentioning that HIPAA consultants and/or attorneys should be sought out (and of course they offer these services, so I can’t tell if they’re just ambulance-chasers or legit professionals with experience).

This has been incredibly frustrating. We were doing everything “right” by having cloud-based backup, but my understanding of HIPAA law is that liability doesn’t transfer when you engage outside business associates. Meaning: we are still liable for this breach, even though we did nothing to cause it. I’m still trying to figure out what we need to do – potentially, we might have to do a federal HIPAA breach notice, including a press release, etc. I would love to avoid that, but I believe it would take forensic evidence that the ransomware folks didn’t extract or read any personal information. The nature of their “business” is that they just want money and not data… but that really should be proven. I’m hoping PerCSoft will have that info. Additionally, I believe we could potentially expect HIPAA audits, etc. because of this.

 

If you’re further curious, you can check out PerCSoft and The Digital Dental Record on Facebook, as they’re publicly publishing all updates.

Hope you had a better week than we did – ha! And Happy Labor Day Weekend!
