A ransomware crew -- Black Basta -- is taking responsibility for the cyberattack that struck the ADA, which crippled its communication systems and more, and claims to have started leaking member data, according to a story published April 26 in Bleeping Computer.
After news of the attack was published on April 26, the hackers allege they began leaking data they claim they had stolen from the ADA, which has approximately 162,000 members. A data leak page claims that 2.8GB of stolen data, including W-2 forms, nondisclosure agreements, personal information about ADA members, and accounting spreadsheets, has been dumped. Black Basta claims this data dump is about 30% of what they have stolen, according to the story.
The attack on the ADA is also affecting some state dental associations, including those in New York, Florida, and Virginia. Each of the association's websites have posted warnings that they are having technical difficulties. They use the ADA's online services so that members can pay dues and register accounts, according to Bleeping Computer.
Experts warn members to be cautious
Based on the claims, the ADA hack may be more drastic than initially indicated in statements from the ADA and a press release from the Nebraska Dental Association on April 25.
In the release, the ADA states that the cyberstrike on April 22 caused technical difficulties that disrupted its email, phone, online chat, and membership software systems and that it was under investigation. However, at that time, "there is no indication any member information and other data has been compromised," April Kates-Ellison, ADA vice president, member and client services, said in a press release.
Cybersecurity experts warn that the breached dentists' information can be especially damaging, since many small practices do not have dedicated security or network administrators, making them less secure and targets for threats. ADA members should be watching for targeted phishing emails that aim to steal sensitive information, according to the story.
The ADA has not responded to requests for comments.