MMG Fusion Data Breach - What Happened? **UPDATED**

July 10, 2022
Cyber Attacks & Randsomware

MMG FUSION DATA BREACH UPDATE: We have been contacted by MMG Fusion directly and have been given the following statement.

Updated Statement from MMG Fusion Regarding the December 2020 Cyberattack and Data Breach

MMG Fusion has acknowledged that the company had been the victim of a targeted cyberattack on December 21, 2020. It was ultimately ascertained that the attack not only resulted in the malicious destruction of MMG Fusion databases, but also included a breach of stored information, including demographic data such as names, phone numbers, and email addresses of end-users of the Company’s software. Not included in the extracted information was any financial data, records, or information that could be used to obtain financial information as MMG Fusion does not have access to this data.
-------------------------
The Company has informed us that they maintained timely, thorough communications with their customers throughout the investigation into the incident.

Due to this new information, that we have obtained and verified, we have edited our findings in this article.

MMG Fusion

Why Are American Companies Receiving The Backlash and Not The Terrorists?

Colonial Pipeline was hacked on May 7, 2021, by the RandsomeWare group DarkSide, and a few weeks later the JBS beef packing plants, were also hacked. Suddenly, the east coast of the US came to a crawl as there was a sudden gas shortage, and now the main staple of the US food supply, beef, had their plants compromised in an alleged successful hacking attempt.

Angry phone calls, emails, social media rants, etc. were made against the two companies by American citizens. Yet, there was zero-backlash against the terrorists who performed the alleged attack.

Ask yourself, what is the driving force behind pointing the finger at American-based companies with hard-working Americans as the foundation of these companies, only to be compromised, not with weapons of mass destruction, but from computer code.

The Great Reset

Is it the media? Is it the "cybersecurity experts" who are looking to make a name for themselves during each security breach?!?! Maybe it is a combination, but whichever it is, the losers are the American companies, and thus, the American people as they suffer through higher prices and other annoyances which can greatly affect a person's quality of life.

What Was Reported And Now Confirmed

Personal Data and Personal Information: The data which was breached included, names, phone numbers, email addresses of the users of said software. However, no financial information was compromised as this was never stored nor saved.

Leaked Files: We cannot confirm the location of leaked files as our team could not locate any on the Dark Web.

Dark Web: In short, the Dark Web is the part of the World Wide Web that is only accessible if you have special software. The reason it was created was to share/sell information that has been deemed illegal in most countries. The transactions can occur as the Dark Web allows users and website operators to remain anonymous or untraceable This makes monitoring from law enforcement ineffective.

mmg-patient-detail

Who is MMG Fusion?

MMG FusionFounded in 2015, MMG Fusion is dedicated to creating innovative technology solutions that help dentists build thriving practices by making front office management and practice marketing simple and intuitive. By creating a revolutionary dental practice management software, MMG Fusion allowed dentists to fill chairs, expand their practice, increase revenues while lowering expenses and overhead.

What Does MMG Fusion Do?

The MMG Fusion developed a cloud-based suite of tools for dentists to improve their office performance, expand their number of patients, and fill "empty chairs" during their daily schedules.

The system (dental marketing software) is accessed via a browser window on the internet, and the strength of this system is that it is available as an "all-in-one integrated system" or, for dental practices who have distinct needs who don't require the full suite can choose separate modules. 

The modules include:

  • patient communication
  • patient engagement
  • online marketing
  • search optimization
  • social media marketing
  • online reputation management
  • incoming call recording and tracking
  • schedule optimization
  • ROI assessment

Client data and user records are stored and secured on the server.

What is MMG Fusion Data Breach?

A breach in December 2020 of the webserver controlled by MMG Fusion occurred and customer information and user records were taken. This was confirmed by MMG Fusion.

What is MMG Fusion Alerts?

This is detailing the usage and features of MMG Fusion software for dentists, which allow for pop-ups to occur in order to alert users of new messages. These can be seen as a way to improve patient communications.

Chicago Plan

What is a Threat Actor?

This phrase is tied to Cyber Security. Most feel if they don't own a company and are just a home user, the threat of having their data compromised is low. This is untrue in today's reality of sophisticated "hackers" who should, instead, be referred to as terrorists.

Simply put, a "threat actor" or "threat actors" is defined as a person or persons who performs an intentional malicious action against your internet security with the sole purpose of obtaining confidential/personal information for the use of identiy theft to apply for loans or other options to obtain funds in someone else's name. This can damage a person's credit, or in the case of a corporation, it can bring the business functions to its knees as we saw with the cyberattacks on the oil pipeline and meat processing plants in the first half of 2021.

Types of Threat Actors

Cybercriminal: (CTA) is a participant (person or group) in an action or process that is characterized by malice or hostile action (intending harm) using computers, devices, systems, or networks.

Insider Threats: An insider threat is a security risk that originates within the targeted organization. This doesn't mean that the actor must be a current employee or officer in the organization. They could be a consultant, former employee, business partner, or board member.

Nation States: Defining what a "nation-state threat actor" is may seem like a simple task: a hacker or group of hackers working with an adversarial government that commits acts of cybercrime against the U.S. or its allies.

What is a Cyber Threat Intelligence Analyst (CTIA)?

In short, a cyber threat intelligence analyst (CTIA) looks for potential threats to stored data and either makes recommendations on how to secure the data from threats or makes the necessary changes or upgrades to the system themselves.

Some say the job is less stressful than most tech jobs, however, I doubt the stress is low when a cyber attack is successful. 

The job pays well with an average annual salary of $110k according to ZipRecruiter.