The FBI informed the ADA and the American Association of Oral and Maxillofacial Surgeons (AAOMS) of a credible cybersecurity threat to the practices of oral and maxillofacial surgeons. The FBI said that as of that date there were no known cyberattack victims, but the agency is working proactively to raise awareness to help prevent victimization. The FBI suspects the group behind the cyberattacks may be shifting tactics to oral and maxillofacial surgery practices after targeting plastic surgeons last year.
The FBI provided an example in which the threat actor poses as a new patient or says they want to become a patient at the practice to obtain new patient forms online. Once the forms are received, the threat actor will then contact the practice to report they are having trouble submitting them online and ask if they can scan the forms and email them instead. The threat actor then emails the “forms” as an attachment. When the attachment is opened malware is deployed in a phishing scheme.