SmileDirectClub (SDC) is a business that offers teledentistry services throughout the world. They produce and sell transparent retainers that fix crooked teeth in the way that traditional braces work. With 60-75% of people in need of their services, they are poised for long term success, with a large audience of potential patients. Sure, there is competition from other companies, but they were on the up and up. In fact, it was just in early 2021 that they posted numbers that were showing a strong first quarter. Considering the previous year with the pandemic and when a lot of people couldn’t see a dentist easily, this was great news.
However, this next quarter might not include news to smile about. According to a filing with the Securities and Exchange Commission, SmileDirectClub “experienced a systems outage that was caused by a cybersecurity incident on April 14, 2021.”
The details are few at this point, and they are indicating that their internal engineers were able to respond quickly and power off or isolate the systems that were affected by the breach from the rest of the network. It appears that it is their manufacturing systems being the areas that were affected. They have said that “leading forensic information technology firms” have been brought in to assist with the incident, and assess the damage that was done. The filing also states that SDC’s systems are “back online and performing normally” and that they did NOT pay a ransom.
If you have to suffer a breach, this sounds like one of the best-case scenarios from what we know so far. The interesting part is how the business world is reacting despite this news of a breach well responded to. With reports that the anticipated revenues have dropped from the $205-215 million range down to $10-15 million, and stock shares dropping, people are concerned.
This goes to show that a strong cybersecurity posture does not start with one tactic and end when you feel your team is “up to speed”. Ongoing training and reminders of how and why a breach can occur are critical, but so is knowing how to react effectively if it does. But even then, you are still at risk of suffering financial and reputational loss despite all of your preparation and planning. You can’t stop consumers and analysts from making negative assumptions and predictions. Cyber insurance can help to cover the costs of this type of reaction, as it may cover public relations, but you need to work diligently to stop it before it happens.
The SmileDirectClub incident is proof positive that your best preparation is only part of the equation. You need to work diligently to be ready in case you have to react but work even harder to work to prevent it from happening in the first place.