{ "id": "73294cd6-1fdc-469e-8a88-1ba25ba4387d", "created_at": "2026-04-06T00:10:19.666408Z", "updated_at": "2026-04-10T03:24:30.245084Z", "deleted_at": null, "sha1_hash": "698ff8977a18d9c466c65698cb5986b92d62c05b", "title": "American Dental Association hit by new Black Basta ransomware", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 2486499, "plain_text": "American Dental Association hit by new Black Basta ransomware\r\nBy Lawrence Abrams\r\nPublished: 2022-04-26 · Archived: 2026-04-05 13:21:00 UTC\r\nThe American Dental Association (ADA) was hit by a weekend cyberattack, causing them to shut down portions of their\r\nnetwork while investigating the attack.\r\nThe ADA is a dentist and oral hygiene advocacy association providing training, workshops, and courses to its 175,000\r\nmembers.\r\nFor many living in the USA, you will likely recognize the ADA Accepted seal on oral hygiene products, such as toothpaste\r\nand toothbrushes, indicating that the product is safe and contributes to oral health.\r\nhttps://www.bleepingcomputer.com/news/security/american-dental-association-hit-by-new-black-basta-ransomware/\r\nPage 1 of 6\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/american-dental-association-hit-by-new-black-basta-ransomware/\r\nPage 2 of 6\n\nVisit Advertiser websiteGO TO PAGE\r\nADA suffers a weekend cyberattack\r\nOn Friday, the ADA suffered a cyberattack that forced them to take affected systems offline, which disrupted various online\r\nservices, telephones, email, and webchat.\r\nThe ADA website now shows a banner stating that their website is experiencing technical difficulties, and they are working\r\non getting systems running again.\r\nOutage message on ADA.org\r\nSource: BleepingComputer\r\nThis outage is causing online services to be inaccessible, including the ADA Store, the ADA Catalog, MyADA, Meeting\r\nRegistration, Dues pages, ADA CE Online, the ADA Credentialing Service, and the ADA Practice  Transitions. The\r\ncompany has also resorted to using Gmail addresses while its email systems are offline.\r\nWhen BleepingComputer reached out to ADA for comment about the attack, we were told that they were just suffering\r\ntechnical issues and were investigating the cause of the disruption.\r\nHowever, emails sent out to ADA members and seen by BleepingComputer paint a much grimmer picture.\r\nLast night, the ADA began emailing its members, including state dental associations, practices, and organizations, with an\r\nupdate about the attack and information that can be shared with the recipient's members.\r\n\"On Friday, the ADA fell victim to a cybersecurity incident that caused a disruption to certain systems, including Aptify and\r\nADA email, telephone and Web chat. Upon discovery, the ADA immediately responded by taking affected systems offline\r\nand commenced an investigation into the nature and scope of the disruption,\" reads an email sent to ADA members and seen\r\nby BleepingComputer.\r\nThe email says that they are working with \"third-party cybersecurity specialists\" and law enforcement to investigate the\r\nattack. \r\n\"Federal law enforcement has been notified and we are cooperating with them in this active investigation, so we ask for your\r\nunderstanding that we must limit the amount of detail that we can share at this time. In the meantime, we understand you\r\nmay receive questions about the incident from members,\" continues the email sent by ADA to its members.\r\n\"It is important that we provide members with accurate information regarding this incident. It is equally important that we\r\nrespond with accurate information while also being cognizant that this is an active investigation.\"\r\nThe ADA's cyberattack is not only affecting their website, but also state dental associations, such as those in New York,\r\nVirginia, and Florida, who rely on ADA's online services to register an account or pay dues.\r\nhttps://www.bleepingcomputer.com/news/security/american-dental-association-hit-by-new-black-basta-ransomware/\r\nPage 3 of 6\n\nOutage message on New York's Dental Association website\r\nSource: BleepingComputer\r\nThe ADA says that preliminary investigations do not indicate that member information or other data has been compromised.\r\nHowever, the description of this attack sounds like a ransomware attack, and almost every initial press statement says the\r\nsame thing, with stolen data later published by threat actors.\r\nBleepingComputer has contacted the ADA with further questions about the attack but has not heard back.\r\nBlack Basta ransomware gang leaks ADA's data\r\nA new ransomware gang known as Black Basta has claimed responsibility for the attack on the American Dental\r\nAssociation.\r\nSoon after publishing this story, security researcher MalwareHunterTeam told BleepingComputer that the threat actors had\r\nbegun leaking data allegedly stolen during the attack on ADA.\r\nhttps://www.bleepingcomputer.com/news/security/american-dental-association-hit-by-new-black-basta-ransomware/\r\nPage 4 of 6\n\nADA on Black Basta ransomware data leak site\r\nSource: BleepingComputer\r\nThe data leak site claims to have leaked approximately 2.8 GB of data, which the threat actors state is 30% of the data stolen\r\nin the attack.\r\nThis data includes W2 forms, NDAs, accounting spreadsheets, and information on ADA members from screenshots shared\r\non the data leak page.\r\nThe leaking of dentists' information can be particularly damaging, as small dental practices typically do not have dedicated\r\nsecurity or network admins.\r\nThis lack of dedicated IT personnel typically causes their networks to be less secure than larger corporations with a\r\nsignificant security budget.\r\nDue to the potential leak of ADA members' information to other threat actors, it is strongly advised that all ADA members\r\nbe on the lookout for targeted spear-phishing emails that attempt to steal login credentials or other sensitive information.\r\nDental practices should also ensure they are not exposing any remote desktop services or other potential avenues for initial\r\naccess to their networks and should place them behind a VPN instead.\r\nUpdate 4/26/22: Added information about Black Basta ransomware claiming the attack on ADA.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nhttps://www.bleepingcomputer.com/news/security/american-dental-association-hit-by-new-black-basta-ransomware/\r\nPage 5 of 6\n\nSource: https://www.bleepingcomputer.com/news/security/american-dental-association-hit-by-new-black-basta-ransomware/\r\nhttps://www.bleepingcomputer.com/news/security/american-dental-association-hit-by-new-black-basta-ransomware/\r\nPage 6 of 6", "extraction_quality": 1, "language": "EN", "sources": [ "Malpedia" ], "references": [ "https://www.bleepingcomputer.com/news/security/american-dental-association-hit-by-new-black-basta-ransomware/" ], "report_names": [ "american-dental-association-hit-by-new-black-basta-ransomware" ], "threat_actors": [ { "id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d", "created_at": "2022-10-25T16:07:24.139848Z", "updated_at": "2026-04-10T02:00:04.878798Z", "deleted_at": null, "main_name": "Safe", "aliases": [], "source_name": "ETDA:Safe", "tools": [ "DebugView", "LZ77", "OpenDoc", "SafeDisk", "TypeConfig", "UPXShell", "UsbDoc", "UsbExe" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434219, "ts_updated_at": 1775791470, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/698ff8977a18d9c466c65698cb5986b92d62c05b.pdf", "text": "https://archive.orkl.eu/698ff8977a18d9c466c65698cb5986b92d62c05b.txt", "img": "https://archive.orkl.eu/698ff8977a18d9c466c65698cb5986b92d62c05b.jpg" } }