Recently, the ADA (American Dental Association) sent USB flash drives out to dental offices all over the country. The drive contained updated billing rates and instructions for filing claims with various insurance companies. Unfortunately, some of the drives contained something more than that – they were infected with malware that attempts to load a webpage known for distributing malware, and install software that would give hackers complete remote access to the system.
Open access to a machine in a dentist’s office would be a goldmine for any hacker. Not only does it contain PHI (Protected Health Information), personal identity information and social security numbers, which is of great inherent value on the Dark Web, but the information contained in those records would also give any savvy hacker lots of material to work with to conduct highly personalized, extremely targeted phishing attacks, enabling them to get even more information from unsuspecting recipients of the emails they sent out.
The ADA is currently investigating the matter, and confirms that they did indeed send the flash drives. Right now, the theory about what happened is that when the drives were being manufactured in China, one of the machines used to load the files onto each drive was itself infected, and this caused the infection to spread to every drive that interacted with the infected machine.
If your company sometimes receives updates in this manner (a flash drive from a vendor or key supplier), this underscores the importance of careful evaluation of anything you’re set before you simply plug it into your network. To do any less is to leave an opening for the hackers, and make it easy for them to gain complete access to your system and your proprietary data.
If you’re not sure how to guard against this type of threat, contact us today and a member of our team will be happy to assist you in evaluating the current state of your network’s security. We can make recommendations about changes you’ll need to make in order to better secure your data, and assist you in actually implementing those recommendations.