[BreachExchange] Month-Long Email Hack on Ohio Dental Insurer Impacts Patient Data

Destry Winant destry at riskbasedsecurity.com
Fri Mar 29 09:02:28 EDT 2019


Ohio-based Superior Dental Care, a dental insurance carrier, is
notifying members that a hack on its employee email account
potentially breached their personal data.

On January 23, SDC officials first discovered the unauthorized access
on one employee email account. The account was promptly secured, and
an investigation was launched with the support of a third-party
forensics team to determine the scope of the incident.

Officials determined the hackers first gained access to the email
account about one month prior, beginning December 21. As a result, the
cybercriminal had access to patient data, including names, Social
Security numbers, payment and medical information related to dental

SDC has since updated its security processes, and officials said they
are continuing to work with the third-party forensics team to improve
its overall security.


An employee email account at the Human Development Center in Duluth
was hacked in January, potentially compromising some patient data.

Officials first discovered the breach during a routine review of email
logs on January 25. They discovered a hacker had accessed the employee
email account a week earlier, on January 16 and 18.

An investigation determined the account contained some protected
health information, such as names, dates of birth, internal HDC client
numbers, a description of services, and some procedure codes. Patients
who visited HDC between 2011 and 2018 were impacted by the security


Maryland-based Frederick Regional Health System is notifying some
patients of a potential data breach, after falling victim to a
phishing attack.

Officials first discovered the unauthorized access on January 21, when
an employee was duped by a phishing attempt. The account was
immediately secured, and officials launched an investigation.

The investigation determined some patient data was contained in the
email account, including names, health insurance numbers, insurance
type, and for some patients, Social Security numbers. The breach was
confined to patients who received hospice services from June 2017 to
January 2019.

“Frederick Regional Health System has dedicated multiple resources to
cybersecurity over the years because we know the healthcare industry
is a target,” officials wrote in a statement. “We will continue to
implement additional security enhancements and conduct further email
training with our staff.”
