[BreachExchange] Nearly 400K dental patients affected in Alabama ransom attack

Destry Winant destry at riskbasedsecurity.com
Sun Oct 6 23:48:55 EDT 2019


https://www.healthdatamanagement.com/news/nearly-400k-dental-patients-affected-in-alabama-ransom-attack

In July, staff at Sarrell Dental, with 15 locations across Alabama,
discovered malicious software on the organization's network servers.

The ransomware was accompanied with a message demanding payment in
return for the key to decrypt impacted files. Sarrell Dental did not
pay the ransom—it deactivated the network and engaged help from ID
Experts to investigate the attack. But the damage was done, and
eventually the chain determined that information of 391,472
individuals was affected.

The dental practices closed for two weeks to rebuild business systems.
“To protect health information in the future, we rebuilt our business
systems with updated security and virus protection for the entire
Sarrell network before reopening our practices,” the organization told
patients in a breach notification letter. Now, the network and systems
are monitored with upgraded capabilties to ensure data remains secure,
and the investigation has not found evidence of files being copied,
downloaded or removed from the network.

“However, because we cannot rule out the possibility that sensitive
information was obtained from the network, we are providing
information about resources to assist those potentially impacted to
protect their information,” patients were told.

Compromised data included patient names, addresses, dates of birth,
Social Security numbers, insurance and treatment information, dates of
service, procedure and diagnosis codes and the names of the treating
dentist.

The notification letter stressed that Sarrell Dental cannot be certain
whether or how much of its information was exposed, but noted that no
evidence suggests affected data has been misused.

“Receiving a letter does not mean that you are a victim of identity
theft,” patients were told. “At this time, there is no evidence that
your data is at risk as a result of this incidence; however, Sarrell
Dental has notified you of this incident as a precaution.”

The organization urged affected individuals to enroll and receive the
free credit monitoring and identity theft protection available and
also take advantage of free fraud alert services offered by the credit
bureaus.

Additional information on the incident was not available.


More information about the BreachExchange mailing list