More than one million patient records have been implicated in a widespread data breach on the dental industry, with a U.S. healthcare provider now notifying more than a million patients that their data has been accessed by a third party.
The Dental Care Alliance is now in the process of notifying the more than one million patients that were implicated in the dental industry data breach, with some reports stating that extremely sensitive data was accessed.
The DCA works with 320 dental practices across 20 states in the U.S., and collaborates with a list of more than 700 dentists.
The Dental Care Alliance (DCA) says that it was hit by a cyber attack and subsequent data breach on the 18th of September, 2020, and was unable to stop the attack until the 13th of October.
In that time, it’s said that a host of patient data on more than a million U.S. residents was accessed. This dataset is said to include names, home addresses, patient account numbers, billing information, bank account information, health insurance information as well as the name of the dentist and the treatment provided.
With this information, cyber criminals are able to launch a number of phishing and identity fraud campaigns, and now have a solid basis to launch attacks against an individual’s financial information.
Dave Quigley, who works as the general counsel for the Dental Care Alliance has issued a statement saying the Alliance has notified the more than one million patients implicated in the dental industry data breach.
Quigley confirmed that the DCA has also been in contact with regulators and reported the cyber attack to authorities. The 1,004,304 dental patients that were implicated in the data breach have been notified by mail.
“We have seen no specific evidence that personal information was used for malicious purposes,” Quigley said, adding that “we will continue to do all that is necessary and appropriate to support and inform impacted individuals in the days ahead.”
Mr Quigley said that after reviewing the data that was accessed by the unauthorised third party, the Alliance believes that just 10% of the database included bank account information that could have been compromised in the data breach.
Click here for your Free ISO 27001 Gap Analysis Checklist
According to a report from InfoSecurity Magazine, “the incident comes 10 months after a ransomware attack on Colorado information technology company Complete Technology Solutions (CTS) impacted about 100 dental practices in the United States, leaving staff unable to access patient records and treatment schedules.”
Co-owner of one of the dental practices hit by this ransomware attack, Dr Jessica Meeske said that in the aftermath of the attack “you are absolutely paralyzed in the same way as if you lost your location physically.”
We’ve reported in the past that cyber attacks, data breaches and ransomware attacks on the medical industry have increased, and are set to continue to increase exponentially.
A report from Black Book Market Research says that cyber attacks launched against the healthcare sector are expected to triple in 2021, signalling the importance of an information security management system to mitigate digital threats and maintain the integrity of patient’s medical information.
That report’s lead author said at the time that the “outdated IT systems, fewer cyber security protocols, untrained IT staff on evolving security skills and data-rich patient files are making healthcare the current target of hacker attacks… the willingness of hospitals and physician practices to pay high ransoms to regain their data quickly motivates hackers to focus on patient records,” they said.
“Threats are now four times more likely to be centered on healthcare than any other industry, and ransomware attacks are increasing in popularity because of the amount of privileged information the hacker can obtain.”