The American Dental Association (ADA) suffered a cyberattack over the weekend, causing them to shut down parts of their network as they investigate the attack.
The ADA is a dental and oral hygiene advocacy association that provides training, workshops and courses to its 175,000 members.
For many who live in the US, they are likely to recognize the ADA Accepted seal on oral hygiene products, such as toothpaste and toothbrushes, indicating that the product is safe and contributes to health oral.
ADA suffers in weekend cyberattack
On Friday, the ADA suffered a cyberattack that forced them to take affected systems offline, disrupting various online services, phones, email and web chat.
The ADA website now displays a banner indicating that their website is experiencing technical difficulties and that they are working to get the systems back up and running.
This outage is causing online services to be inaccessible, including the ADA Store, ADA Catalog, MyADA, Meeting Registration, Fee Pages, ADA CE Online, ADA Accreditation Service, and ADA Transitions. ADA practice. The company has also resorted to using Gmail addresses while its email systems are offline.
When BleepingComputer contacted the ADA for comment about the attack, they told us that they were only experiencing technical issues and that they were investigating the cause of the outage.
However, emails sent to ADA members and seen by BleepingComputer paint a much bleaker picture.
Last night, the ADA began emailing its members, including state dental associations, practices and organizations, with an update on the attack and information that can be shared with the recipient’s members.
“On Friday, the ADA was the victim of a cybersecurity incident that caused an outage in certain systems, including Aptify and the ADA’s email, phone, and web chat. Upon discovery, the ADA responded immediately by taking the affected systems and began an investigation into the nature and extent of the outage,” read an email sent to ADA members and seen by BleepingComputer.
The email says they are working with “third-party cybersecurity specialists” and law enforcement to investigate the attack.
“Federal law enforcement has been notified and we are cooperating with them in this active investigation, so we ask for your understanding that we must limit the amount of detail we can share at this time. In the meantime, we understand you may receive questions about the incident.” of members”, continues the email sent by ADA to its members.
“It is important that we provide members with accurate information about this incident. It is equally important that we respond with accurate information while also being aware that this is an active investigation.”
The ADA cyberattack is not only affecting its website, but also state dental associations, such as those in New York, Virginia, and Florida, that rely on ADA online services to register an account or pay fees.
The ADA says that preliminary investigations do not indicate that member information or other data has been compromised. However, the description of this attack sounds like a ransomware attack, and almost all of the initial press releases say the same thing, with stolen data later released by threat actors.
BleepingComputer has contacted the ADA with further questions about the attack, but has not received a response.
Black Basta ransomware gang leaks ADA data
A new ransomware gang known as Black Basta has claimed responsibility for the attack on the American Dental Association.
Shortly after publishing this story, the security researcher MalwareHunterTeam told BleepingComputer that threat actors had started leaking data allegedly stolen during the ADA attack.
The data leak site claims to have leaked approximately 2.8 GB of data, which threat actors say is 30% of the data stolen in the attack.
This data includes W2 forms, NDAs, accounting spreadsheets, and information about ADA members from screenshots shared on the data leak page.
Leakage of dentist information can be particularly damaging, as small dental practices generally do not have dedicated network or security administrators.
This lack of dedicated IT staff typically makes their networks less secure than those of larger corporations with a significant security budget.
Due to the potential leak of information from ADA members to other threat actors, it is strongly recommended that all ADA members be on the lookout for spear phishing emails that attempt to steal login credentials or other information. confidential.
Dental offices should also ensure that they do not expose any remote desktop services or other potential avenues for initial access to their networks and instead place them behind a VPN.
Update 4/26/22: Added information about the Black Basta ransomware claiming the ADA attack.