The American Dental Association (ADA) was struck by a cyberattack over the weekend, forcing them to lock down parts of their network while they investigated.
The American Dental Association (ADA) is a dental and oral hygiene advocacy organization that offers training, workshops, and courses to its 175,000 members.
Many people in the United States are familiar with the ADA Accepted seal on oral hygiene items like toothpaste and toothbrushes, which indicates that the product is safe and beneficial to oral health.
ADA is the Victim of a Hack over the Weekend
The ADA was hit by a cyberattack on Friday, forcing them to shut down affected systems, disrupting online services, phone calls, email, and webchat.
The ADA website currently has a banner announcing that the site is having technical difficulties and that they are trying to restore service.
The ADA Store, the ADA Catalog, MyADA, Meeting Registration, Dues pages, ADA CE Online, the ADA Credentialing Service, and the ADA Practice Transitions are among the online services that are now unavailable due to the outage. During the downtime of its email servers, the corporation has resorted to using Gmail addresses.
When we contacted ADA for comment on the attack, we were told that they were experiencing technical difficulties and that they were looking into the source of the outage.
Emails written to ADA members and obtained by BleepingComputer, on the other hand, depict a far more bleak image.
Last night, the American Dental Association (ADA) began sending emails to its members, including state dental associations, offices, and organizations, with an update on the assault and information that may be shared with the recipients’ members.
“The ADA was hit by a cybersecurity issue on Friday, which disrupted several systems, including Aptify and ADA email, phone, and Web chat. When the ADA discovered the problem, it promptly shut down the affected systems and launched an investigation into the cause and breadth of the outage “BleepingComputer obtained a copy of an email issued to ADA members.
According to the email, they are investigating the attack with the help of “third-party cybersecurity specialists” and law enforcement.
“We have alerted federal law authorities and are collaborating with them in this ongoing investigation, so we ask for your patience while we limit the amount of information we can release at this time. In the interim, we appreciate that members may have questions concerning the situation, “continues the email issued by the American Diabetes Association to its members.
“It is critical that we share accurate information about this situation to our members. It’s also critical that we respond with factual information, while keeping in mind that this is still an ongoing inquiry.”
The ADA’s hack affects not only its website, but also state dental associations including those in New York, Virginia, and Florida that use the ADA’s online services to register accounts and pay dues.
Preliminary investigations, according to the ADA, do not indicate that member information or other data has been compromised. However, the attack is described as a ransomware strike, and practically every first news release says the same thing, with stolen data afterwards disclosed by threat actors.
BleepingComputer has reached out to the ADA with additional questions about the attack, but has yet to get a response.
The ADA’s data has been leaked by the Black Basta ransomware gang.
The attack on the American Dental Association was claimed by a new ransomware gang known as Black Basta.
Security researcher MalwareHunterTeam alerted BleepingComputer shortly after releasing this news that the threat actors had started distributing data allegedly taken during the ADA attack.
According to the threat actors, the data leak site has spilled about 2.8 GB of data, which is about 30% of the data obtained in the attack.
W2 paperwork, NDAs, accounting spreadsheets, and information about ADA members from screenshots provided on the data leak page are among the documents.
Because tiny dental practices often do not have dedicated security or network administrators, the disclosure of dentists’ information can be extremely detrimental.
Because they lack dedicated IT employees, their networks are often less secure than those of larger organizations with a significant security budget.
Due to the risk of information being leaked to other threat actors, all ADA members should be on the watch for targeted spear-phishing emails attempting to steal login credentials or other sensitive information.
Dental practices should also verify that no remote desktop services or other potential channels for initial access to their networks are exposed, and that they are instead protected by a VPN.
