FBI Warns Dental Practices of Cybersecurity Threat

 Download/Print Risk Alert (PDF)

May 9, 2024On May 6, 2024, the FBI issued a warning to the American Dental Association and the American Association of Oral and Maxillofacial Surgeons regarding a credible cybersecurity threat. The group behind the attacks is threatening to target oral surgery practices, but the FBI believes general dentistry and other specialty practices could be targets soon.
 
Please be aware that attackers often use social engineering scams including phishing, smishing and vishing to gain access to protected health information and other patient information such as social security numbers.  Make sure that your staff is properly trained in HIPAA and IT security requirements. The practice owner is responsible for the proper training of staff on measures, such as teaching your team to recognize and avoid phishing, requiring strong passwords, requiring multifactor authentication, and updating all business software, to help reduce any possible cyber-attack and the response to an attack if it occurs.
 
The FBI provided an example in which the threat actor poses as a new patient or says they want to become a patient at the practice to obtain new patient forms online. Once the forms are received, the threat actor will then contact the practice to report they are having trouble submitting them online and ask if they can scan the forms and email them instead. The threat actor then emails the “forms” as an attachment. When the attachment is opened malware is deployed in a phishing scheme.
 
The FBI requests dental practices that experience any fraudulent or suspicious activities to report them to the FBI Internet Crime Complaint Center at ic3.gov.

More information can be found at ADA.org/riskmanagement.