The American Dental Association (ADA) urges all dental practices to remain vigilant after it was contacted by the Federal Bureau of Investigation (FBI) with information regarding a credible threat to the practices of oral and maxillofacial surgeons.
On Tuesday, May 6, 2024, the FBI informed the ADA and the American Association of Oral and Maxillofacial Surgeons (AAOMS) of a credible cybersecurity threat to the practices of oral and maxillofacial surgeons. The FBI said that as of that date there were no known cyberattack victims, but the agency is working proactively to raise awareness to help prevent victimization. The FBI suspects the group behind the cyberattacks may be shifting tactics to oral and maxillofacial surgery practices after targeting plastic surgeons last year.
While this current threat is focused on oral and maxillofacial surgeons, the FBI is concerned that the practices of general dentists and other specialists could also eventually be targeted.
Cybercriminals often use social engineering scams — such as phishing (email), SMSishing (through text or instant messaging apps) and vishing (using phone calls and voicemail) — to gain access to sensitive personal data such as electronic protected health information. Spear phishing refers to a phishing email appearing to be from a trusted contact. For example, a threat actor may use phishing to impersonate a credentialing agency. Through these scams, threat actors try to convince people to reveal sensitive information, or to click on a link, open an attachment or visit a website that causes malware to be deployed. This malware can lead to ransomware, which blocks system and/or file access until money is paid.
The FBI provided an example in which the threat actor poses as a new patient or says they want to become a patient at the practice to obtain new patient forms online. Once the forms are received, the threat actor will then contact the practice to report they are having trouble submitting them online and ask if they can scan the forms and email them instead. The threat actor then emails the “forms” as an attachment. When the attachment is opened malware is deployed in a phishing scheme.
The FBI requests dental practices that experience any fraudulent or suspicious activities to report them to the FBI Internet Crime Complaint Center at ic3.gov.
The Cybersecurity & Infrastructure Security Agency (CISA) recommends four vital ways to protect your practice from cyberthreats:
The following resources are also available to support healthcare professionals:
As the nation’s largest organization of dentists, the ADA is advocating on behalf of all dentists at the federal level to recommend several measures to protect and ensure the resilience of health care infrastructure against cyber threats. The ADA will continue to lead this charge and provide cybersecurity updates as they become available, all in service to you and your patients. Please visit ADA.org to see the many ways the ADA advocates on behalf of dentists nationwide.