PHI of Dental Center of Northwest Ohio Patients Exposed Due to Ransomware Attack

The Dental Center of Northwest Ohio located in Toledo, OH, has notified present and past patients that some of their protected health information (PHI) has potentially been compromised during a ransomware attack on a business associate.

The Dental Center became aware of the security breach on September 1, 2018 after Arakyta, a managed IT service provider, issued a notification about a a security breach involving a server hosting some of the dental center’s systems. With the help of third-party computer specialists, the Dental Center learned on November 7, 2018, that an unauthorized person had accessed the server and possibly viewed or downloaded patient information.

There was no evidence uncovered to suggest data theft had occurred and no reports had been received from patients that suggested there had been any misuse of PHI. Nevertheless, because data theft cannot be ruled out with total certainty, the Dental Center decided to send notification letters to patients and offered them free credit monitoring and identity theft restoration services.

The attacker potentially accessed and copied the following PHI: Full names, birth dates, home addresses, Social Security numbers, state identification numbers, driver’s license numbers, health histories, diagnoses, treatment data, clinical information, medical documents, patient ID numbers, health insurance plan details, benefit data, and financial information.

Following the attack, the Dental Center evaluated its policies and procedures associated with the privacy and security of patient information and has put further safeguards in place to prevent further breaches of PHI.

The Dental Center has reported the breach to the Department of Health and Human Services’ Office for Civil Rights (OCR) although the incident has not yet appeared on the OCR breach portal so it has yet to be determined how many patients have been affected by the breach.


Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: