Summary: The FBI has informed the ADA of a cybersecurity threat targeting oral and maxillofacial surgeons. The threat, which may also affect general dentists, involves social engineering scams like phishing to access sensitive data. Dental practices should report any suspicious activities to the FBI Internet Crime Complaint Center.

Key Takeaways:

  • Increased Vigilance Needed: Dental practices must stay alert to potential cyber threats, especially those targeting oral and maxillofacial surgeons.
  • Report Suspicious Activities: Any fraudulent or suspicious activities should be reported to the FBI Internet Crime Complaint Center to help prevent victimization.

The American Dental Association (ADA) is urging all dental practices to remain vigilant after it was contacted by the Federal Bureau of Investigation (FBI) with information regarding a credible threat to the practices of oral and maxillofacial surgeons.

Details of the Threat

On May 6, the FBI informed the ADA and the American Association of Oral and Maxillofacial Surgeons (AAOMS) of a credible cybersecurity threat to the practices of oral and maxillofacial surgeons. The FBI said that as of that date there were no known cyberattack victims, but the agency is working proactively to raise awareness to help prevent victimization. 

The FBI suspects the group behind the cyberattacks may be shifting tactics to oral and maxillofacial surgery practices after targeting plastic surgeons last year. While this current threat is focused on oral and maxillofacial surgeons, the FBI is concerned that the practices of general dentists and other specialists could also eventually be targeted.

Common Cyberattack Methods

Cybercriminals often use social engineering scams — such as phishing (email), SMSishing (through text or instant messaging apps), and vishing (using phone calls and voicemail) — to gain access to sensitive personal data such as electronic protected health information. Spear phishing refers to a phishing email appearing to be from a trusted contact. For example, a threat actor may use phishing to impersonate a credentialing agency. 

Through these scams, threat actors try to convince people to reveal sensitive information, or to click on a link, open an attachment or visit a website that causes malware to be deployed. This malware can lead to ransomware, which blocks system and/or file access until money is paid.

Reporting Suspicious Activities

The FBI requests dental practices that experience any fraudulent or suspicious activities to report them to the FBI Internet Crime Complaint Center at ic3.gov.