The protected health information of more than a million dental patients has potentially been obtained by hackers who successfully gained access to the network of the Dental Care Alliance, a Sarasota, FL-based dental support organization that supports more than 320 affiliated dental practices across 20 states.
The cyberattack was detected on October 11, 2000 and action was immediately taken to prevent further unauthorized network access. The Dental Care Alliance explained in a breach notification sent to the Maine Attorney General that the breach was successfully contained on October 13.
The breach investigation confirmed that the hackers potentially had access to parts of the network that contained the protected health information of 1,004,304 individuals, which makes this the third largest U.S. healthcare data breaches to be reported in 2020 behind the ransomware attacks on Magellan Health and Blackbaud Inc.
The information potentially obtained by the hackers was limited to names, addresses, diagnoses, treatment information, patient account numbers, billing information, dentists’ names, and health insurance information for around 90% of affected individuals. The remaining 10% also potentially had some financial information compromised such as financial account numbers.
Affected individuals were notified about the breach by mail in November. The Maine breach notification states no identity theft protection services have been offered to breach victims.
The breach investigation confirmed systems had been accessed, but no specific evidence was found to indicate any patient data has been used for malicious purposes. The investigation into the breach is continuing and the Dental Care Alliance will continue to monitor the data at risk and will issue updates if new facts are learned about the attack.
Additional safeguards have now been implemented to prevent further attacks from occurring in the future and additional training has been provided to employees on data security.