ADA sends out infected flash drives to 37,000 dentists

We all know that you need to be careful when clicking on any links in an email that seem questionable, even if they appear to be from someone that you know. The same thing goes for plugging in flash drives. And thousands of dental offices around the country are learning that the hard way right now.

Recently, the American Dental Association sent out flash drives to member offices around the country. These drives are sent out routinely and contain copies of the association's updated "dental procedure codes." These codes are used in conjunction with the offices' billing and insurance systems. And I bet you can see where this is going, can't you?

Each and every one of the thousands of flash drives sent out had a little something extra on it. When someone examined one of the files, they found that it was set to open a website that attempts to automatically install malware. The malware that is installed can be used to completely take over the infected computer. And remember, the computers that these are being plugged into are the ones used by dental offices to track insurance and billing for all of their patients. This means that if these computers are infected, the malware's creator can gain access to all of the private records of every patient in that office.

What's really interesting is that the ADA has confirmed that they were indeed the ones sending these flash drives out. They stated that the drives were produced by a subcontractor in China, and that roughly 37,000 of the infected drives were shipped out. They have since emailed all of their members, warning them of the contents of the flash drive, and giving them a link to simply download the PDF file that is needed. Perhaps that's what they should do in the future, as well.

Via: KrebsOnSecurity