MMG Fusion Data Breach – What Happened?

Cyber Attacks & Randsomware

Allegedly, a data breach occurred on the servers which contain MMG Fusion's website and data on Dec. 20, 2020. However, it cannot be substantiated by a reliable source that we have been able to find. The only sites which are reporting the breach occurred are ones that our staff has never heard of, nor did said sites provide any backing information to prove the breach occurred.

Reporting should be based on facts, and by not supplying facts when "reporting" an alleged hacking attempt is alarming to say the least. If the hack did occur, where on the Dark Web is the data? A screen shot? Any proof would lend credibility.

Why Are American Companies Receiving The Backlash and Not The Terrorists?

Colonial Pipeline was hacked on May 7, 2021, by the RandsomeWare group DarkSide, and a few weeks later the JBS beef packing plants, were also hacked. Suddenly, the east coast of the US came to a crawl as there was a sudden gas shortage, and now the main staple of the US food supply, beef, had their plants compromised in an alleged successful hacking attempt.

Angry phone calls, emails, social media rants, etc. were made against the two companies by American citizens. Yet, there was zero-backlash against the terrorists who performed the alleged attack.

Ask yourself, what is the driving force behind pointing the finger at American-based companies with hard-working Americans as the foundation of these companies, only to be compromised, not with weapons of mass destruction, but from computer code.

Is it the media? Is it the "cybersecurity experts" who are looking to make a name for themselves during each security breach?!?! Maybe it is a combination, but whichever it is, the losers are the American companies, and thus, the American people as they suffer through higher prices and other annoyances which can greatly affect a person's quality of life.

What Was Reported But Not Confirmed

Personal Data and Personal Information: Allegedly, data was breached but cannot be confirmed by any reliable source. Phone numbers, email addresses, and login credentials were mentioned as the data which was breached.

Leaked Files: Supposedly leaked files were uploaded to the Dark Web, but this cannot be substantiated either.

Dark Web: In short, the Dark Web is the part of the World Wide Web that is only accessible if you have special software. The reason it was created was to share/sell information that has been deemed illegal in most countries. The transactions can occur as the Dark Web allows users and website operators to remain anonymous or untraceable This makes monitoring from law enforcement ineffective.

No IP Addresses which can be traced are able to be captured.

Summary: An unidentified person claimed responsibility of hacking MMG Fusion's server in December 2020, but has not supplied any evidence that the attack was successful.

What is MMG Fusion Data Breach?

An alleged breach in December 2020 of the webserver controlled by MMG Fusion, and allegedly customer information was taken and placed on the Dark Web. Additional personal information is unknown at this time.

What Does MMG Fusion Do?

The MMG Fusion developed a cloud-based suite of tools for dentists to improve their office performance, expand their number of patients, and fill "empty chairs" during their daily schedules.

The system (dental marketing software) is accessed via a browser window on the internet, and the strength of this system is that it is available as an "all-in-one integrated system" or, for dental practices who have distinct needs who don't require the full suite can choose separate modules. 

The modules include:

  • patient communication
  • patient engagement
  • online marketing
  • search optimization
  • social media marketing
  • online reputation management
  • incoming call recording and tracking
  • schedule optimization
  • ROI assessment

Client data and user records are stored and secured on the server.

What is MMG Fusion Alerts?

This is detailing the usage and features of MMG Fusion software for dentists, which allow for pop-ups to occur in order to alert users of new messages. These can be seen as a way to improve patient communications.

What is a Threat Actor?

This phrase is tied to Cyber Security. Most feel if they don't own a company and are just a home user, the threat of having their data compromised is low. This is untrue in today's reality of sophisticated "hackers" who should, instead, be referred to as terrorists.

Simply put, a "threat actor" or "threat actors" is defined as a person or persons who performs an intentional malicious action against your internet security with the sole purpose of obtaining confidential/personal information for the use of identiy theft to apply for loans or other options to obtain funds in someone else's name. This can damage a person's credit, or in the case of a corporation, it can bring the business functions to its knees as we saw with the cyberattacks on the oil pipeline and meat processing plants in the first half of 2021.

Types of Threat Actors

Cybercriminal: (CTA) is a participant (person or group) in an action or process that is characterized by malice or hostile action (intending harm) using computers, devices, systems, or networks.

Insider Threats: An insider threat is a security risk that originates within the targeted organization. This doesn't mean that the actor must be a current employee or officer in the organization. They could be a consultant, former employee, business partner, or board member.

Nation States: Defining what a "nation-state threat actor" is may seem like a simple task: a hacker or group of hackers working with an adversarial government that commits acts of cybercrime against the U.S. or its allies.

Who is MMG Fusion?

MMG FusionFounded in 2015, MMG Fusion is dedicated to creating innovative technology solutions that help dentists build thriving practices by making front office management and practice marketing simple and intuitive. By creating a revolutionary dental practice management software, MMG Fusion allowed dentists to fill chairs, expand their practice, increase revenues while lowering expenses and overhead.

What is a Cyber Threat Intelligence Analyst (CTIA)?

In short, a cyber threat intelligence analyst (CTIA) looks for potential threats to stored data and either makes recommendations on how to secure the data from threats or makes the necessary changes or upgrades to the system themselves.

Some say the job is less stressful than most tech jobs, however, I doubt the stress is low when a cyber attack is successful. 

The job pays well with an average annual salary of $110k according to ZipRecruiter.