Cyber Incident Victim: The Digital Dental Record

On August 26, 2019, hundreds of U.S. dental practice offices discovered they could not access patient records after returning to work following a weekend ransomware attack. The incident stemmed from a breach of DDS Safe, a backup and records retention solution developed by Wisconsin-based companies The Digital Dental Record and PerCSoft. Attackers compromised the software providers' infrastructure over the preceding weekend and used it to deploy REvil (Sodinokibi) ransomware across customer systems. This caused widespread operational disruption as dental practices lost access to critical medical data required for patient care. The ransomware encrypted files on affected computers, rendering them unusable without decryption keys.

The Digital Dental Record and PerCSoft opted to pay the ransom demand and began distributing a decryption tool to impacted customers on August 26. Recovery efforts progressed slowly due to technical challenges inherent in ransomware remediation, with some dental offices reporting via a Facebook group that the decrypter failed to restore all files or functioned inconsistently. The companies did not publicly disclose details about the attack vector, ransom amount, or total number of affected practices. This marked the third known instance in 2019 where REvil operators compromised managed service providers (MSPs) to distribute ransomware, following June attacks via Webroot SecureAnywhere consoles and an earlier August incident targeting 22 Texas counties through another MSP. Security firm Fidelis ranked REvil as the year's fourth most prevalent ransomware strain, responsible for 12.5% of infections. The attack highlighted contradictions in DDS Safe's marketing, which promoted the product as a safeguard against ransomware despite the breach originating from its own infrastructure.