The American Dental Association is notifying members after learning it may have inadvertently sent them malware-infected USB flash drives, reports KrebsOn Security.
The flash drives contained 2016 dental procedure codes dental offices use for billing purposes. One of the files on the flash drive appears to be infected with a code that tries to open a webpage cybercriminals use to distribute malware on computers, according to the report.
The ADA told KrebsOn Security the hardware was manufactured in China by a subcontractor of an ADA vendor. Approximately 37,000 devices were distributed, but the ADA said "only a small percentage" of them were infected with the malware.
The ADA also said it believes one of the duplicating machines became infected with the malware while producing devices for another customer, and the machine later infected the ADA's devices.
"Our random quality assurance testing did not catch any infected devices," the ADA said in an emailed statement to KrebsOn Security. "Since this incident, the ADA has begun to review whether to continue to use physical media to distribute products."
More articles on malware:
What’s driving healthcare attacks?
Ransomware prevention is dead: Making a case for detection based defense in healthcare
Digital extortion: 26 things to know about ransomware