The ADA is "making significant progress" in restoring operations following a cybersecurity attack that left its communication and membership systems paralyzed for nearly three weeks, according to a statement the ADA gave to DrBicuspid.com on May 11.
After being rigorously tested, the membership software system the ADA uses to process membership applications, renewals, and product orders has been verified to resume operations, according to the ADA. On April 22, the association stated the attack caused technical difficulties that forced it to take its phone, online chat, membership, and email systems offline.
As of this reporting, the ADA's website still has a message that states, "To place an order for ADA Catalog products, please contact one of our resellers, such as Patterson Dental or Henry Schein." Also, the ADA continues to email using Gmail accounts instead of association accounts.
Although ransomware gang Black Basta claimed responsibility for hijacking the ADA's systems and alleged it had started leaking the stolen data online after a story was published about the incident on April 26, the ADA states that doesn't appear to be the case.
"At this point in the investigation, we have no evidence that data from our membership database has been accessed by unauthorized entities," according to the ADA's May 11 statement.
However, the ADA further stated, "It is important to note that our investigation is still ongoing and has not fully concluded."
Black Basta claims to have stolen data from the ADA, which has approximately 162,000 members. On a data leak page, it claims that 2.8GB of stolen data, including W-2 forms, nondisclosure agreements, personal information about ADA members, and accounting spreadsheets, had been released. Also, Black Basta claims the data dump is only about 30% of what it had stolen.
Nevertheless, the ADA is reviewing and enhancing existing policies and procedures to reduce the likelihood of another attack happening in the future.
"The association is in regular contact with state and local dental societies to gather and respond to members' questions and is dedicated to addressing this incident in the best interest of our members," according to the statement.
Finally, state dental associations in Florida, New York, and Virginia, which use the ADA's online tools to allow members to pay dues and register accounts, remain affected by the cyberattack. Their sites still have messages posted that they are experiencing technical difficulties.