There are reports that the American Dental Association has sent out USB drives laced with malware.  This is another in a string of avoidable incidents that are increasing our risks when it comes to cybersecurity.  The same organizations that set standards are violating other standards.  Although everyone makes a mistake, this one has a particular annoyance to this blogger.

First, why are they sending out USB drives anyway?  There are so many ways to more securely transfer data that this method should be avoided.  

Second, because these are physical drives, the problem will trickle like a leaky faucet for many months to come.  Busy dentists across the country will plug this in as they find time.  There is no quick fix.

Security is a practice.  It is based on habits, tools, and intelligence.  There should have been a check and balance here before they put their clients and vendors at risk.