The American Dental Association (ADA) has recently confirmed to its members that technical difficulties are being experienced due to a cyberattack that occurred over the weekend. The ADA website states that “technical difficulties” are being experienced and efforts are underway to bring its systems back online.
While the ADA has not publicly confirmed that this was a cyberattack, notifications have been sent to its 185,000 members via email explaining the disruption was caused by a cyberattack, which has affected its website, ADA email, web chat, telephone system, and other systems such as Aptify, which remain offline.
Third-party cybersecurity specialists have been engaged to investigate the nature and scope of the breach and law enforcement has been informed. The extent to which the sensitive data of members, dental associations, and dental practices has been affected is not known at this stage; however, it would appear that several state dental associations have been affected by the attack, as their websites are also down due to “technical difficulties.”
The ADA has not explained the nature of the attack and said it has not found evidence of data theft at this stage; however, the Black Basta ransomware gang has claimed responsibility and claims to have published a sample of the data allegedly stolen from the ADA on its data leak site. The threat actors claim to have exfiltrated 2.8GB of data and say around 30% of the data exfiltrated prior to exfiltration has been made public. Some of the files uploaded to the leak site contain sensitive employee information, financial data, and information about ADA members.
Black Basta is a new ransomware variant that appeared this month. Several victims have taken to online forums to find out more information after suffering a ransomware attack that involved encrypted files having the .basta extension added. Initial analysis indicates the ransomware is written in C++ and uses RSA and ChaCha20 for encryption. The ransom note states victims have 7 days to pay the ransom or data exfiltrated in the attack will be made public.