The Backup That Wasn’t: A Dental Practice vs. Ransomware
The practice manager did everything she thought she was supposed to. There was a backup. There was an antivirus. There was even a firewall the IT guy had set up three years ago. None of it mattered on the Monday morning the screens turned to a ransom note.
How they got in
The front-desk PC ran remote-access software so the office manager could log in from home. It was exposed to the internet with a weak password and no MFA. Attackers found it in an automated scan, walked in, and spent four days quietly mapping the network before pulling the trigger.
The backup that wasn’t
There was a backup drive, plugged into the same server, always connected. When the ransomware encrypted the server, it encrypted the backup too. A backup that’s always online isn’t a backup; it’s just a second copy waiting to be destroyed.
The bill
- Six days of cancelled appointments.
- A breach-notification obligation for patient records.
- Weeks of rebuilding, and a hard conversation with their insurer about controls they’d claimed to have.
What would have stopped it
MFA on remote access. An offline or immutable backup copy. And someone watching for the four days of reconnaissance that preceded the attack. The tools exist and they’re affordable; the gap was knowing which ones this practice actually needed.