Dental Care Alliance, LLC, a dental support group with over 320 affiliated dental practices spread across 20 states, has been hacked and the protected health information of more than a million individuals has possibly been infiltrated. The breach happened on September 18, 2020, was detected on October 11, and was closed off on October 13.
The group which is headquartered in Sarasota, Florida, submitted a breach notification to the Maine Attorney General’s office which stated that a portion of patient information was successfully stolen by the hackers, including patient names in tandem with financial account numbers, although Dental Care Alliance said only around one tenth of the impacted people had their financial account number exposed. For most of individuals impacted by the breach, the information possibly impacted was restricted to names, addresses, diagnoses, treatment details, patient account numbers, billing data, dentists’ identities, and health insurance specifics.
Dental Care Alliance said it moved swiftly when the breach was identified to safeguard its systems to prevent any further unauthorized access. Additional safeguards have since been configured to stop additional breaches and further training has been given to staff on data security. The investigation into the breach is ongoing and Dental Care Alliance will go on reviewing the data potentially in danger and will make more information available to impacted individuals if new facts are discovered about the attack. The breach notification letters do not list additional information on the exact manner of the attack.
Dental Care Alliance shared notification letters to the 1,004,304 impacted people in November. The letters detailed that while the hackers did gain access to certain files, “no specific evidence” was discovered to suggest any patient information has been used for malicious reasons. As of yet there has been no indication that impacted people are being provided with any credit monitoring or identity theft protection services.
The breach report filed to the HHS’ Office for Civil Rights shows 1,004,304 individuals have been impacted by the incident.