"Data Breach Hits US Dental Patients"
A cyberattack on the vendor of a network of dental practices may have exposed the data of tens of thousands of patients. An adversary used a phishing attack to gain access to the computer systems of North American Dental Management between March 31 and April 1, 2021. Pittsburgh-based North American Dental Management provides administrative and technical support services for Professional Dental Alliance (PDA) offices. PDA notified patients that an unauthorized individual may have accessed some of their protected health information (PHI) after the security breach. The information that may have been exposed was stored in email accounts that the attacker could breach. At this time, the identity of some individuals is known, but the vendor’s investigation is ongoing. After discovering the breach, North American Dental Management took steps to secure the compromised email accounts and launched an investigation. PDA noted that it had not found any evidence of any actual misuse of personal information and that its investigation of the matter indicates that the attack was limited to email credential harvesting. The threat actor did not access PDA’s patient electronic dental record or dental images; however, the Alliance found that some sensitive personal information may have been present in the compromised email accounts. The full extent of the potentially affected personal information is not yet known and will vary between persons, but it may include the following: name, address, email address, phone number, dental information, insurance information, Social Security Number, and/or financial account numbers. The breach was reported to the DHS’s Office for Civil Rights, impacting 125,760 patients in Connecticut, Florida, Georgia, Illinois, Indiana, Massachusetts, Michigan, New York, Texas, and Tennessee.