Ransomware on the Rise: Steps To Protect Your Practice and Systems From Cyber Disruption

October 1, 2021

Over the past two years of practice disruption due to the pandemic, dentists have become attuned to navigating new challenges and balancing complex risks. However, there are some issues that blindside even the most seasoned practice owners. Imagine coming in ready to start the day, booting up your computer to check the schedule and then … nothing. There’s just a blank screen, or worse yet, a message stating that your system has been locked and a demand for a payment to gain access. When a ransomware attack hits, your practice comes to a screeching halt. A compromised system can mean no access to schedules, billing or patient records.

Cybercriminals have been leveraging practice disruptions to launch ransomware attacks in skyrocketing numbers. California dentists must proactively protect their practice systems, be prepared for the eventuality of receiving a demand and follow sound steps to recover from an attack.

In just one case handled by The Dentists Insurance Company, the total costs to conduct a forensic IT investigation, get systems back online and cover lost business neared $100,000. When the dentist could not access his files, it soon became clear that the system had been hacked and the practice was a victim of ransomware. As patient data was stored in the cloud, the dentist didn’t believe that there had been a data breach but was still paralyzed from doing business because his systems and files were locked.

By the time a forensic IT firm was engaged to regain access to the system, get it back up and running again and unlock the data, the dentist had already paid a $25,000 ransom demand. The insurance claim reflected more than $70,000 in costs due to the amount of time the practice operations were down plus the expertise needed to investigate and reconcile the records and data.

In cases like this, recovering data and reimbursement for the associated financial loss is crucial to practice sustainability. But the investigation into how the system was accessed can be priceless in helping to support and train the practice team in mitigating future crises. In today’s high-risk climate, everyone on the team should understand the potential implications of clicking on an attachment from an untrusted source or opening a malicious email. 


The dedicated analysts who answer The Dentists Insurance Company’s Risk Management Advice Line field calls from CDA members and TDIC policyholders on navigating practice challenges — everything from patient care to documentation to employment to property. These experts have also developed tools that policyholders can access at any time by logging into their accounts online through TDIC’s newly enhanced website.

Resources to support cyber incident prevention include:

  • A comprehensive Cyber Liability Guide for an overview of risks and targets, data breach and cyberattacks, investigations, preparation and prevention
  • A Cyber Event Checklist to plan for how your practice should respond to a cyberattack or incident
  • A full library of articles, including expert guidance on the many aspects of cyber awareness and risk management in dentistry

These tools, in addition to guidance from your IT professional, can help you train your staff on recognizing and mitigating cyber risks.


A proactive approach also means having the right type and amount of insurance coverage in place. To keep pace with today’s evolving risks, owners — regardless of practice size — need insurance that goes beyond data breach. Look for a policy that is built to help you respond to and recover from a broad range of cyber incidents.

CDA members who are TDIC Business Owner’s policyholders can apply to add Cyber Suite Liability coverage at any time. If you don’t yet have cyber insurance or are unsure about your coverage, request a free policy review to compare your options and determine the solution that best fits your practice needs. Don’t wait until a ransomware attack to realize what your policy does or doesn’t cover.


With ransomware attacks on the rise, even well-prepared and well-protected practices will still be targeted. If you do experience an incident, it can be difficult to maintain the presence of mind to respond in a way that mitigates further risk.

While every incident is different, these six steps are sound guidance to support you:

  1. Don’t pay a ransomware demand until you consult a professional.
  2. Contact your IT provider right away for assistance. Let an expert assess the situation.
  3. Document without clicking on links or deleting information. Take a picture of the screen and note what it said at the time of the incident. Capture when it happened and how it occurred, if known.
  4. Save network security logs that indicate the date, time and device used. Collect facts and gather information from your staff and IT provider.
  5. Call your professional insurance provider or log in to your account to report the incident as soon as possible and initiate a claim.
  6. Report a data breach to appropriate agencies.
    1. For ransomware: Federal (FBI) and state law enforcement agencies.
    2. The internet crime complaint center (IC3).
    3. Security breach notifications required by law in California.
    4. For data breaches: Department of Health & Human Services .

Following a response plan and sharing accurate information with your insurer are both crucial to your recovery and initiating the claim process. Know that you’re not alone when faced with a cyberattack or ransomware demand. TDIC recognizes the stress and disruption that is created when these cyber events occur and has created resources to assist with implementing a proactive approach for your practice. Stay informed of cybercrime trends and reach out to the experts at your professional insurance company for guidance on setting up prevention plans to lessen the risks of future incidents.

TDIC’s Risk Management Advice Line is a benefit of CDA membership. Schedule a consultation with an experienced risk management analyst or call 800.733.0633. Reprinted with permission from the October 2021 issue of the CDA Journal.


Was this resource helpful?