Recently the FBI sent an alert to the American Dental Association (ADA) and the American Association of Oral and Maxillofacial Surgeons (AAOMS) of a credible cyber threat targeting practices.
The May 6, 2024 alert, indicated that practices of Oral and Maxillofacial Surgery as well as other dental and specialty practices.
Hackers are using a form of phishing and social engineering to gain access to the practice through corrupted emails. The current threat is by calling practices and making a new patient appointment. The hacker will then call back and indicate that they are having trouble completing the online forms and would like to e-mail them directly to the practice. Once the e-mail is received there is a attachment or a link within the e-mail which when open downloads malicious code that potentially sits in the practice network for several days and begins exfiltrating or stealing data.
It is not uncommon in today’s threat landscape for hackers to use social engineering such as emails and texting and even voice mail to gain access to sensitive information and to networks. By making the practice believe that they are attempting to do some sort of business with the practice they are able to gain access. I was recently in a practice where they received a call from a company claiming that they needed to confirm what practice management software was being used. This is a form of social engineering getting the practice to release information that can be used later against the practice.
It is important that every practice be vigilant and be attentive to these type of attacks as are projected to increase. Steps you can take today.
· Train your team to recognize phishing emails
· Train your team to limit information being shared with callers to the practice.
· Require strong passwords to workstations and different passwords to the practice management.
· Use 2FA whenever possible.
The FBI request that if you experience suspicious activity or are the victim of such attacks that you Viola report with them through the FBI Internet crime complaint center at ic3.gov.