American Dental Association Uses Chinese Supplier: Sends 37,000 USB Drives With Virus

CustomUSB | Bacteria Flash Drive

Infected from the moment the memory sticks hit their USB ports, American Dental Association (ADA) members didn’t stand a chance against the malware virus spread by a trusted source last year. How did a nifty data-delivery method spiral into a PR nightmare in a matter of seconds? It boils down to three loaded little words: Made in China.

When IT professionals like you seek out a USB supplier, security and reliability are priorities one and two. If you buy foreign hardware to boost your bottom line, it isn’t solely quality that suffers. With your company’s reputation at stake, you can’t afford to risk brand damage and lost trust by buying cheap, potentially malicious parts. Preventing a security breach and inspiring confidence is far more valuable than any funds you might save by outsourcing your USB drives, a hard-learned lesson for the ADA.

Dentistry’s Dirty Drives

The dentist is the last person you’d expect to infect you. Yet, in the fall of 2015, the ADA distributed 37,000 USB flash drives to members. A percentage of those drives, intended to display a searchable PDF manual of CDT 2016 Dental Procedure Codes, injected a malware virus into recipients’ computers.

When you’re an office that stores sensitive medical data, you can’t stick any old thumb drive into your machine. That’s akin to giving abscesses to dental patients who come in for routine cleanings. Of course, the ADA often uses USB flash drives to transfer updated manuals to members. The custom branding on those memory sticks surely inspires trust.

So, exactly how did the ADA allow this security breach to occur? The formerly reputable group saved a few bucks by using a Chinese supplier. It only cost them the trust of dental offices nationwide – a high price to pay for skipping an important step like quality assurance.

Even though the ADA sent out a warning to all members about the infected USB drives, and even though they claimed that anti-virus software installed on office computers should stop the virus in its tracks, a noteworthy number of members unwittingly handed control of their computers to hackers.

With Social Security numbers, bank account numbers, and other personal information, a medical office is a hotbed of highly sought-after data. Making matters worse, this particular malware virus allowed hackers full remote access to the system – and to all of that sensitive personal data. An investigation found that one of the Chinese manufacturer’s computers was infected and unintentionally loaded malicious files onto USB drives intended to hold the PDF manual.

Stay Clean: Go Custom

So, how do you prevent this type of security breach? One sure-fire way is to buy only US-made and US tested USB drives from a trusted source.

Smart IT pros avoid this problem entirely by using tried-and-true products. Built in the USA and rigorously tested for security and reliability, CustomUSB flash drives never leave clients with the electronic equivalent of abscessed teeth.

Saving a few bucks isn’t worth the reputation risk of a major information security breach. Learn from the ADA’s mistake and stick to trustworthy, reliable flash drives from CustomUSB.


Join the discussion and tell us your opinion.

Miguel Garciareply
May 24, 2016 at 1:41 pm

To be realistic this could’ve happened with any USB supplier. It’d be a little unfair to judge your competition professionalism when the breach isn’t truly explained. All you need is one bad apple. 

May 25, 2016 at 4:34 pm
– In reply to: Miguel Garcia

This is true, the issue is mostly with ADA and not the Chinese supplier, considering the content is being sent by the ADA and not their contractor. The problem is that these USB drives are very potent and cannot be treated like a pen or a mug someone would get for their giveaway.  

David Penchantreply
May 25, 2016 at 4:26 pm

I’m an IT professional & if I find this article offensive. Is CustomUSB really claiming they manufacture flash memory?  Nonsense, the infrastructure necessary is way beyond a promotional product distributor. The alternative is that you’re suggesting you distribute American made memory, oops again, nonsense, as there is not a single flash memory manufacturer in the US.

Shame on you for claiming “American Made”.

May 25, 2016 at 6:41 pm
– In reply to: David Penchant


We are making the claim that we manufacture the entire product here, including assembly, printing, case design, tooling design for the casing, ABS injection molding (sometimes but not always), prototyping, laser marking, etc…

CustomUSB is not claiming that the memory component is made in the USA. We do, however, believe that we are the originator of the product and therefor take full responsibly for it. This includes all the data that is on it. We make sure that all data is clean before and after it is loaded.

We do our own programming, data loading, and QC as well. If you are ever in the Chicago-land area, we would be happy to show you our facilities to put your mind at ease. We are very proud to say that we do indeed make it here.

David Penchantreply
May 25, 2016 at 7:44 pm
– In reply to: CustomUSB

I appreciate your response, however the more honest statement is that your product is assembled & decorated in the USA.  All flash memory could arrive contaminated from China, Singapore, Korea, Vietnam, so you’re not impervious to malicious malware code on foreign purchased flash memory. While I don’t know anything about the shapes, but I know security every bit as well as I know memory including the countries where it’s manufactured where around the world. Given the overlap in body shapes except for the one of  a kind shapes you make, those are almost certainly made somewhere other than the United States. 

David Penchantreply
May 25, 2016 at 7:51 pm

To be clear, were I so inclined, I could embed malware on a flash chip or in the firmware on the controller and while I’m not sure, I might be able to find a way to add malicious function on the PCB, but that’s far more challenging, plus, all of these components are manufactured overseas.  You can get boards and controllers here, but that would make no sense.

There’s nothing wrong with saying “Assembled, Decorated & Data Services” point is, your comment is misleading at best. 

June 26, 2016 at 11:58 pm

The problem is nothing is made here. Of course, the president, aided by Congress, has a plan. First, continue allowing Chinese product, built by 8-10 yr olds working oppressive hours and days for $283/month, to come into the country with exceedingly favorable tariffs. Second, continue the highest corporate tax rates in the world for U.S. based companies. Third, raise the minimum wage to 20 times that given to Chinese children (based upon similar hours and OT pay for above 40). That will teach ’em! We will be back to having every product manufactured in the U.S. in no less than 1,000 eons, for certain!

jon weatherheadreply
August 5, 2016 at 3:08 am

where can I buy the flashdrive featured in the story photo?

September 23, 2016 at 5:30 pm
– In reply to: jon weatherhead

Jon, the flash drive featured here was a custom shape design for a client. We can produce a similar shape for you. If you are still interested in this custom shape, please call or email us, or submit a quote request, and one of our sales reps will contact you shortly.

Leave a reply