ADA advises dentists to be on alert of internet security risks.
The American Dental Association (ADA) was the target of a weekend cyberattack, which forced them to shut down portions of their network while they investigated.
The American Dental Association (ADA) is a dental and oral hygiene advocacy organisation with 175,000 members that offers training, workshops, and courses.
The ADA was the victim of a cyberattack on Friday, which forced them to take affected systems offline, disrupting various online services, telephones, email, and webchat.
The ADA website now displays a banner stating that their website is experiencing technical difficulties and that they are working to restore service.
This outage has rendered online services such as the ADA Store, the ADA Catalog, MyADA, Meeting Registration, Dues pages, ADA CE Online, the ADA Credentialing Service, and the ADA Practice Transitions inoperable. While its email systems are down, the company has resorted to using Gmail addresses.
When BleepingComputer contacted ADA for comment on the attack, we were told that they were only experiencing technical difficulties and were looking into the cause of the disruption.
Emails sent to ADA members and obtained by BleepingComputer paint a much darker picture.
Last night, the ADA began emailing its members, which included state dental associations, practises, and organisations, with an update on the attack and information that recipients' members can share.
"The ADA was the victim of a cybersecurity incident on Friday, which disrupted certain systems, including Aptify and ADA email, phone, and Web chat. When the ADA was notified, it immediately took affected systems offline and launched an investigation into the nature and scope of the disruption "BleepingComputer received and read an email sent to ADA members.
The announcement comes just a few weeks after the ADA warned dentists to be on the lookout for potential cyberthreats in the aftermath of Russia's invasion of Ukraine. According to a March 1 story in ADA News, cybersecurity experts urged people to be aware of possible increases in cyberattacks in the United States in February.
Though the nature and scope of the attack are still being investigated, "at this time, there is no indication that any member information or other data has been compromised," according to April Kates-Ellison, ADA vice president, member and client services, in a press release.
As soon as the ADA became aware of the attack on April 22, it took its affected systems offline. It is currently collaborating with third-party cybersecurity experts to investigate the impact on its systems and restore full system functionality.
Furthermore, the ADA is cooperating with US law enforcement, and because the investigation is ongoing, the ADA has stated that it must limit the information it can share at this time.
When new information becomes available, the ADA will provide it. Questions can be emailed to email@example.com as the investigation continues.
"ADA appreciates your patience and understanding as we work to resolve the situation, and we apologise for any inconvenience," Kates-Ellison said in a statement.
At the time of publication, the ADA could not be reached for comment.
In other news, Burkhart Dental Supply in Portland, Oregon, notified customers on April 20 of a data security breach. According to a letter from the company, personal information such as customers' names, Social Security numbers, driver's licence data, and other state-issued identification card information may have been compromised as a result.
According to the letter, the incident occurred around October 7, 2021, but the investigation by cybersecurity experts was not completed until March 3. There were no additional details provided.
The ADA's cyberattack affects not only their website, but also state dental associations like those in New York, Virginia, and Florida that rely on the ADA's online services to register an account or pay dues.
The Black Basta ransomware gang exposes ADA's data.
The attack on the American Dental Association has been claimed by a new ransomware gang known as Black Basta.
Soon after this story was published, security researcher MalwareHunterTeam informed BleepingComputer that threat actors had begun leaking data allegedly stolen during the ADA attack.
The data leak site claims to have leaked 2.8 GB of data, which the threat actors claim is 30% of the data stolen in the attack.
This data includes W2 forms, NDAs, accounting spreadsheets, and ADA member information from screenshots shared on the data leak page
The leaking of dentists' information can be especially damaging because small dental practices typically lack dedicated security or network administrators.
Due to a lack of dedicated IT personnel, their networks are typically less secure than those of larger corporations with a significant security budget.
Due to the possibility of ADA members' information being leaked to other threat actors, all ADA members should be on the lookout for targeted spear-phishing emails attempting to steal login credentials or other sensitive information.
Dental practises should also ensure that no remote desktop services or other potential avenues for initial access to their networks are exposed, and should instead place them behind a VPN.
Tips for safeguarding yourself from cyberattacks
When it comes to cybersecurity, being proactive is the best way to protect yourself. While most of these suggestions may appear to be common sense, they are critical in combating cybercrime.