Your dentist’s office migh
t be going through its mail a little more carefully in the coming days after several thousand offices were mailed malware-infected USB drives. This wasn’t just some random mailing, though.
The infected drives come straight from the American Dental Association (ADA). Oops. The issue was first reported by a user on the DSL Reports Security Forum who received the USB drive at the office where he works. The drive is built into a credit card-shaped form and is supposed to contain a digital version of updated dental procedure codes that dental offices use for billing and insurance. However, some of the drives contained a little something extra.
One of the files on the flash drive tries to open a web page that is known for distributing malware. The site attempts to inject Windows machines allowing the distributors to gain full remote control of the system. A computer with medical records would really be the holy grail, too. Not only are there billing details and social security numbers, there’s a ton of personal information that could be used for phishing attacks.
The ADA has confirmed that it did send the USB drives. However, they were manufactured in a Chinese facility. An investigation is underway, but the current working theory is that one of the machines that loads files on to the drives was infected with malware, which then copied itself to all the USB drives it produced.
A notice has been sent out by the ADA informing dentists of the incident, but it’s not a very prudent one. It says antivirus software should protect systems, but not all of them even recognize the domain as malicious. The notice also says drives that have already been used successfully should be considered safe. That’s probably not a good idea. Frankly, encouraging offices with HIPPA-protected data to plug in random USB drives was probably not the best idea in the first place.
American Dental Association mailed malware-infected USB drives to thousands of offices
Posted by imediatech On
