The ADA is hit by Ransomware

ADA

American Dental Association (ADA) Ransomware Attack is an Imminent Threat for Small Dental Offices

The American Dental Association was a victim of a Ransomware attack this weekend.  A new hacker group called Black Basta claimed responsibility for the attack. The ADA initially posted on their website that they were experiencing technical difficulties but have since emailed members to loop them in about becoming a victim of a Cyber Attack. The attack interrupted the ADA’s chat, email, telephones and several other online services, forcing them to take their systems offline.

American Dental Association NewsBlack Basta reportedly hijacked data which includes employee W-2’s and ADA Membership information. They claim to have released approximately 30% of the data so far.

It is probable that Black Basta intentionally besieged the ADA to get a list of private, individual dential professionals.  With this list, they can launch smaller, more targeted attacks on under-protected offices, such as those with in-house IT or with a ‘tech savvy’ team member (such as a lab tech, hygienist, or a dentist) trying to manage the IT and networks.

In addition to this ransomware attack, ADA members should expect a series of Phishing attacks in their email inboxes (possibly from a spoofed address), in an attempt to gain login information. Once the hackers have login credentials, it is an easy, small step to gain access to company network, releasing another set of Ransomware.

The common misconception that a small office is an unlikely target in these ransomware attacks is not only wrong, it’s dangerous.  This is especially concerning because most small dental offices do not have adequate resources dedicated to their cyber security.  Protections such as selecting a network admin or engaging a professional IT company over in-house or one-man support can significantly boost security.

According to the article on bleepingcomputer.com, in regards to small offices,

“This lack of dedicated IT personnel typically causes their networks to be less secure than larger corporations with a significant security budget.”

Hackers often take the path of least resistance. It takes less time to breach a minimally secured system than a heavily protected one.  While bigger corporations often have larger sums of available funds to pay ransom, it is easier to hit many smaller offices, resulting in a bigger payday for the hackers. Many Dentists and Office Managers are under the impression that it would cost them a fortune to afford quality IT Services, but this is no longer the case.

What steps can you take to better protect yourself?

  1. Don’t open any ADA emails unless you are expecting one! It is unclear as of now what may or may not actually be from the ADA and what is a phishing email. While there are ways to identify Phishing emails, in light of the recent attacks, it is better to err on the side of suspicion.
  2. Ensure that you (and your staff) are using unique user ID’s and 16 character passwords to everything you log in to. This seems like a lot, but if you are reusing your passwords across various systems, once a hacker gets your login to one system, they get access to them all!! Using a password manager such as PasswordSafe (pwsafe.org) will alleviate the need to attempt to remember all of these passwords.
  3. Hire an IT Company that specializes in your industry and in Cyber Security. Good cyber hygiene is now affordable. We have a team of experts on your side implementing preventative security measures. In fact, we would argue that in the long run, trying to save a buck by having someone do it in-office will end up costing you more in the future.

If you’re already one of our clients, you don’t need to worry as long as you and your staff are following our recommendations about security measures.

If not, give us a call at 541-494-2099 for a no cost, no obligation Cyber Risk Assessment. We can identify areas where your security needs beefing up and provide you with an action plan. Even IF you already have an IT person/company, it never (especially now) hurts to have a second set of fresh eyes review your protocols and settings to ensure that you are FULLY protected!

The ADA is currently working with a third-party IT Company and Law Enforcement, and therefore cannot release any more specific details regarding the attack as it is an ongoing investigation.

https://www.bleepingcomputer.com/news/security/american-dental-association-hit-by-new-black-basta-ransomware/