'Extremely frustrating:' Ransomware attack on West Allis company impacts hundreds of dental offices

WEST ALLIS -- Hundreds of dental offices across the country were targeted in a ransomware attack. PerCSoft, IT company that was attacked, is based out of West Allis. It wasn't immediately clear whether patient data, including Social Security numbers, was compromised.

FOX6 News visited a dental office on Friday, Aug. 30. Staff explained their system was down, and they wouldn't be able to schedule an appointment or look up any information.

As it turned out, the office was targeted in the attack impacting dental offices nationwide.

Most offices rely on a computer to schedule patients and store important patient data. Around 400 offices around the country had to try to operate without a computer after a software system was hacked.

FOX6 reached out to multiple offices impacted in southeast Wisconsin. While none were willing to comment, some did take to Facebook to vent their frustrations. One posted, "More and more lost hours and revenue, with patients getting more and more frustrated. Very embarrassing for all of us." Another said, "We are having issues seeing patients and keeping our people working. This is extremely frustrating."

In a release from the Wisconsin Dental Association, they explained the issues had to do with IT vendor PerCSoft based out of West Allis. PerCSoft is used to back up client data for digital dental records. PerCSoft was targeted by a ransomware attack on Monday, Aug. 26.

A ransomware attack is when an attacker locks valuable digital files and demands a ransom to release them.

On Friday, Aug. 30, days after the attack, many offices still did not have access to their files.

PerCSoft officials did not return calls from FOX6, but company leaders were also actively posting on Facebook.

In a post Friday morning, company leaders said they were, "Making more and more progress on recoveries," and they were working on messaging for patients.

The Wisconsin Dental Association issued statements Friday, and Thursday, Aug. 29:

"Aug. 30, 2019

To all Wisconsin Dental Association members

I want to thank those of you who took the time to respond to the WDA’s Thursday, Aug. 29, email update on the DDS Safe situation. We received some very good questions, particularly from dentists who are receiving calls from patients worried about the security of their personal data. I thought it would be helpful to provide more information to help members address patient concerns, as well as share the latest update about restoration efforts heading into the holiday weekend.

As reported in yesterday’s update, the WDAISC and PerCSoft are in the process of fully investigating the scope of this ransomware attack and are working with the FBI’s Cyber Crimes Task Force agents to determine next steps. They have not yet been able to determine whether any practice or patient data was accessed or compromised. In ransomware attacks, systems are encrypted and locked, but data is not always taken. It is too early in the investigation to confirm the extent of the attack and whether any data was compromised. If the investigation finds that data was compromised, WDAISC and PerCSoft will communicate that to clients and comply with all legal requirements that may apply.

Dentists have also asked if they should be proactively notifying patients of a potential compromise. At this time, legal counsel urges caution against making any notifications because, as set forth above, the scope of the attack is just not known. We don’t want to inform patients that information has been compromised if it hasn’t, nor do we want to make assurances that data was not compromised if it was. While that process may be unsettling, it is important that the investigation be completed before sending out any notifications. We are assured the investigation will be finished and any information provided within all legal reporting periods so that any required notifications can be made. If you would simply like to communicate with your clients about the business disruption, you may certainly do that, but please make it clear that the scope of the incident is still uncertain and that work is under way to investigate the situation completely.

As is often the case in situations like this one, we have heard several rumors making the rounds, including speculation about ransom paid to the hackers who orchestrated the attack. While we are unable to discuss details of the attack due to the ongoing investigation, I want to assure all members that the WDA has not paid a ransom of any type, and no member dues have been used in resolution of this situation.

We remain in close contact with the WDAISC and PerCSoft, which reports it has brought in additional support to assist with and expedite the restoration process. We do not have an exact number of practices that have been restored, but PerCSoft reports they are making continual progress on data recoveries. Work will continue over the long holiday weekend, and WDAISC staff will continue to take customer calls over the holiday as well.

I will plan to send another member update on Tuesday, Sept. 3. If you have questions in the meantime, please contact WDAISC President Mara Roberts (mara@profinsprog.com – add “DDS Safe” to your subject line – or 414.755.4170).

Thank you for your continued patience and support."

"August 29, 2019

To all Wisconsin Dental Association members:

As we head into the holiday weekend, I want to take a moment to update you on an ongoing situation involving DDS Safe, a WDA endorsed product that is part of the WDA Insurance & Services Corp. At 8:44 a.m. on Monday, Aug. 26, WDAISC learned that ransomware had been deployed on the remote management software DDS Safe uses to back up client data. PerCSoft, the IT vendor for DDS Safe, took immediate action to contain the threat; however, roughly 400 practices around the country lost access to electronic files as a result of the virus.

PerCSoft assures us it is working to restore files as quickly and completely as possible, but restoration is a slow and methodical process that could take several days to complete. In the meantime, DDS Safe and the WDAISC are actively communicating with their clients to answer questions, facilitate contact with insurance carriers and address other business concerns. WDAISC is working diligently to fully investigate the situation and ensure it has been contained. It is also working with the Federal Bureau of Investigation’s CyberCrime Unit as part of the investigation and response. We are in close communication with them and will provide updates when we can.

The safety, security and high quality of the endorsed products and services the WDA provides and recommends for our members is extremely important to us, and we are taking this matter very seriously. As WDAISC and PerCSoft work to return their clients to business, we are monitoring the situation, offering our assistance and fielding calls from members and the media. We are working closely with legal counsel, our insurers, the ADA and WDAISC leadership to ask questions, get answers and determine our next steps moving forward. At all times, what is good and right for our members, our members’ livelihoods and the strength of the WDA is top of mind.

Our understanding is that only a small percentage of the affected practices are in Wisconsin, and that WDAISC and PerCSoft have been in touch with most of them. If you continue to have questions or would like to discuss this matter further, please feel free to reach out to WDAISC President Mara Roberts (mroberts@profinsprog.com – add “DDS Safe” to your subject line – or 414.755.4170). We will also provide updates on WDA.org as they are available.

Thank you for your patience and support during this very difficult situation.

Mark Paget"