[BreachExchange] One Million US Dental Patients Impacted by Data Breach

Destry Winant destry at riskbasedsecurity.com
Fri Dec 11 11:02:36 EST 2020 

https://www.infosecurity-magazine.com/news/1m-us-dental-patients-impacted-by/

An American healthcare provider has started notifying more than a
million patients that their data may have been exposed as the result
of a cyber-attack.

Dental Care Alliance discovered on October 11 that it had been the
victim of a hack that began on September 18, 2020. The company, which
is headquartered in Sarasota, Florida, was able to contain the attack
by October 13.

Patient data that may have been accessed in the security incident
included names, addresses, dental diagnosis and treatment information,
patient account numbers, billing information, bank account numbers,
the name of the patient's dentist, and health insurance information.

Dave Quigley, general counsel for DCA, told Databreaches.net that the
breach had been reported to all relevant regulatory bodies and that
DCA had notified all 1,004,304 people affected by the incident via
letter in November.

Explaining why no remediation services such as credit monitoring had
been offered to patients impacted by the breach, Quigley said: "We
have seen no specific evidence that personal information was used for
malicious purposes."

He added: "We will continue to do all that is necessary and
appropriate to support and inform impacted individuals in the days
ahead."

A review of what data the attackers were able to access concluded that
bank account numbers belonging to only 10% of the individuals impacted
by the hack were visible to an unauthorized third party.

Dental Care Alliance is a dental support organization with more than
320 affiliated dental practices across 20 states. The LLC was
established in 1991 by Dr. Steven Matzkin and currently works with
more than 700 dentists.

The incident comes 10 months after a ransomware attack on Colorado
information technology company Complete Technology Solutions (CTS)
impacted about 100 dental practices in the United States, leaving
staff unable to access patient records and treatment schedules.

Practices in Colorado, Kansas, Nebraska, and Nevada were impacted by
the incident, including the Pediatric Dental Specialists of Greater
Nebraska.

Co-owner Dr. Jessica Meeske, describing the effect of the attack on
the practice, told the American Dental Association: "You are
absolutely paralyzed in the same way as if you lost your location
physically."

More information about the BreachExchange mailing list