American Dental Association confirms cyberattack after ransomware group claims credit

The American Dental Association (ADA) confirmed Wednesday that it was hit with a cyberattack on April 21. 

The professional association for dentists, which has more than 160,000 members, told The Record in a statement that it is currently investigating the incident alongside third-party cybersecurity specialists and federal authorities. 

The ADA did not provide details about the attackers or their methods. The Black Basta ransomware group has claimed credit for the attack, according to Emsisoft analyst Brett Callow and the independent MalwareHunterTeam, which tracks ransomware incidents.

The ADA said it sent a letter to members on April 25 explaining the situation and its response. 

The organization said it discovered the attack on April 21 when certain systems — including its Aptify email application, telephone network and web chat — were disrupted. The IT team took the affected systems offline and began the investigation. 

The organization said “no member information or other data has been compromised” but noted that incident response isn't complete.

“We have an active and vigorous investigation into the nature and scope of the technical difficulties. If we determine personal information was impacted as a result of this incident, we will notify affected parties pursuant to applicable law,” the organization told its members before providing an email address that could be used to send questions. 

Bleeping Computer, which first reported the attack on the ADA, noted that regional websites handling account management and dues were also affected by the incident. 

Black Basta says it has leaked 30% of the 2.8 GB of data it claims to have stolen. The attackers say the data includes financial information, spreadsheets, W2 forms and troves of information on ADA members.

The group is relatively new and the ADA was the first organization the ransomware group added to its leak site. It was followed by wind farm operator Deutsche Windtechnik and several others, according to MalwareHunterTeam.

"Basta is a new group - or, probably more likely, a new brand by an existing group. Ten victims are listed on their leak site, in addition to the ADA," Callow said. "The ransomware they use is secure and doesn’t seem to be based on any other type of ransomware."