The British Dental Association (BDA) has announced that a major cyberattack has put the private data of its members at risk.
Hackers have supposedly gained access to names, contact details, transaction histories, bank details, logs of correspondence and case notes, giving them the opportunity to carry out identity theft scams.
As a result of the attack, the BDA says it has informed the Information Commissioner’s Office and is reaching out to those affected and rebuilding its systems.
The severity of the attack has caused the company to close down its website, with a notice saying: “We have recently been the victim of a cyber incident. As a precaution, we have taken some of our systems offline, such as our website and telephone servers.
“Our IT team are doing everything they can to get our systems back up and running for you as soon as possible.”
Details of the alleged hack have so far not been revealed, but the BDA says that it was possible that the information has been stolen.
Chief executive of the BDA, Martin Woodrow, said in a statement: “On 30 July our website went down. As we attempted to restore services it became clear hackers had accessed our systems.
“Owing to the sophistication of these criminals we cannot, as yet, confirm the full extent of information the hackers accessed.
“We are devastated and apologise unreservedly for this breach. We will keep members updated as the situation develops.”
The BDA is the UK’s professional association and registered trade union organisation for dentists. A large percentage of the organisation’s members are family dentists working for the NHS and private care.
Card details are apparently not stored in the system, but the BDA does hold account numbers and sort codes to collect direct debit payments.
The organisation has advised members to “exercise caution” when receiving emails or phone calls from someone claiming to be from banks, utility providers or the BDA themselves.
- Employee mistakes cause almost half of cybersecurity issues
- Business hit with six-fold increase in cybersecurity losses in past year
- Greater support needed to boost female representation in cybersecurity
This cyber-attack is just the latest in a string of major attacks on institutions attempting to steal private information.
In some cases, it is lack of cybersecurity measures on systems and human error that causes the breach, although, in the case of the BDA attack, details have so far not been released.
A report from mid-July revealed that almost half of cybersecurity issues are caused by staff error.
Commenting on the breach, Chris Harris, Technical Director, EMEA, Thales told DIGIT: “While being hacked itself is a worry in the first place, it’s concerning that it’s still unclear what information was taken.
“For any business’ security strategy to be successful, protecting their sensitive data through implementing methods like encryption and multi-factor authentication must be at the heart of it.
“With this in place, companies can rest safe in the knowledge that even if data is taken, it can’t be accessed – protecting them and their customers from further damage down the line through aspects like phishing attacks.”