The British Dental Association (BDA) has had a data breach creating worries that the bank account numbers of some UK dentists may have been stolen.
The BBC has reported that the professional association emailed its membership to advise them of a breach, & explaining it is currently not sure which information has been accessed. The BDA also urged vigilance about any correspondence appearing to originate from a bank.
It was further stated by the BBC stated that whilst the organisation does not store its members’ card details. However, it does hold their account numbers & sort codes, so as to collect direct-debit payments.
Notes of Cases
In an email to their members, the BDA reportedly referred to “logs of correspondence & notes of cases” as being among the data it has assumed stolen, which suggests that hackers may also have access to sensitive patient information.
BDA CEO Martin Woodrow added in his email “Owing to the sophistication of these criminals, we cannot, so far, confirm the full extent of information that has been accessed.
“We are devastated & apologise unreservedly for this breach.”
The BDAs website is now offline due to the “sophisticated cyber-attack,” with the association stating that “our IT experts have been working to rebuild our systems since the incident occurred & this is progressing well.”
Commenting on this incident, Jake Moore, Cyber-Security Specialist at ESET, observed “It doesn’t seem a week goes by without it being necessary to remind people to be vigilant against this recent influx of hacks. However, it remains more important than ever to be cautious.
“It appears a large spread of personal data has been taken, so it is essential to remain on the lookout for any communication requesting further details which may add pieces to the identity theft jigsaw.
“Although the BDA has been magnanimous in making those affected aware of the breach quickly & reporting themselves to the ICO, the problems are far from over.”
Chris Harris, Technical Director, EMEA at Thales, further added: “While being hacked itself is a worry in the 1st place, it is concerning that it’s still unclear what information was taken.
“For any business’ security strategy to be successful, protecting their sensitive data through implementing methods like encryption and multi-factor authentication must be at the heart of it.
With this in place, companies can rest safe in the knowledge that even if data is taken, it cannot be accessed, thus protecting them & their customers from further damage down the line through aspects like phishing attacks.”