State of Infrastructure
Back at the dental clinic, there were at least 7 machines in use at any single point in time.
| Device | Platform | Purpose |
| --- | --- | --- |
| OpenDental Server | Windows 10 | OpenDental Server, MySQL Database, File Server |
| X-Ray PC | Windows 10 | Interfaces with X-Ray machine to save images on a Network File Share |
| Dentist Rooms | Windows 10 | Located within each room for dentist to access patient data using OpenDental client |
| Front-Desk PC | Windows 10 | PCs to create, access, update, or delete patient appointment data. Emails sent to the clinic are also accessed and responded to from these PCs |
Networking of devices in the clinic is also done in a straightforward manner.
- The ISP provides a static public IP address, and network traffic from all devices is routed through it using NAT
- All devices use a shared password, with administrative privileges
- All devices can be used to access the Internet
While the above infrastructure setup has worked for the dental clinic for years, I could foresee potential points of failure, or points of entry by malicious hackers:
- A single point of failure is located at the server hosting the OpenDental server. In the event of a hardware failure, business-critical data may become inaccessible and unrecoverable
- Machines in the dentist rooms do not require Internet access, but are allowed to anyway
- Machines in the clinic do not have Anti-virus (AV) software installed
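
One way to close the second gap on a dentist-room PC, as an added example that is not from the original post: Windows Firewall is switched to default-deny outbound, with allow rules only for the OpenDental server. The server address `192.168.1.10` and the ports (MySQL default 3306, SMB 445) are assumptions about this clinic's setup.

```powershell
# Added example, run from an elevated PowerShell prompt on a dentist-room PC.
# Assumptions (not from the original post): server address and ports.
$ServerIp = '192.168.1.10'   # placeholder for the OpenDental server's LAN address

$AllowRules = @(
    @{ Name = 'Clinic - OpenDental MySQL';  Port = 3306 },  # MySQL default port
    @{ Name = 'Clinic - File share (SMB)';  Port = 445  }   # file server on the same host
)

# Create the allow rules once; re-running the script does not duplicate them.
foreach ($rule in $AllowRules) {
    if (-not (Get-NetFirewallRule -DisplayName $rule.Name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $rule.Name -Direction Outbound -Action Allow `
            -Protocol TCP -RemoteAddress $ServerIp -RemotePort $rule.Port -Profile Any |
            Out-Null
    }
}

# Turn the firewall on for every profile and block outbound traffic by default.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultOutboundAction Block

# Caveat: outbound allow rules that already exist (built-in apps, core networking)
# still apply under default-deny. List them and disable the ones the room PC
# does not need.
Get-NetFirewallRule -Direction Outbound -Enabled True -Action Allow |
    Sort-Object DisplayName |
    Select-Object DisplayName, Profile

# Verify: the server should be reachable, the Internet should not.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultOutboundAction
(Test-NetConnection -ComputerName $ServerIp -Port 3306).TcpTestSucceeded      # expect True
(Test-NetConnection -ComputerName 'example.com' -Port 443).TcpTestSucceeded   # expect False
```

Because every device shares an administrative password, anyone logged in can revert these rules, so host firewall settings only hold once staff accounts no longer have administrative privileges.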
Evidently, I was told that the clinic suffered a ransomware attack because of a phishing email with a malicious payload attachment. This could have been prevented with proper security awareness training for staff, as well as robust AV software in place.