Four DSOs and dental practices have been hit with data breaches this year, resulting in the potential leak of sensitive information for at least 200,000 patients.
Here are four data breaches Becker’s has covered since January:
1. Community Dental Care, a nonprofit dental clinic with five locations throughout Minnesota, launched an investigation after becoming aware of unauthorized activity in its computer system in December. That investigation determined that certain personal information was accessed or acquired without authorization by an unknown actor on or about Dec. 6. The clinic completed a review of the impacted data March 24.
The potentially impacted information may have included names, addresses, Social Security numbers, medical information and health insurance information, among other data, according to an April 1 news release.
2. Nashville, Tenn.-based Chord Specialty Dental Partners experienced a data security incident affecting more than 173,000 individuals. The DSO said in a notice posted on its website that on or around Sept. 11, it discovered suspicious activity related to an employee’s email account. An investigation determined that an unauthorized individual gained access to several accounts between Aug. 19 and Sept. 25.
The type of information potentially affected varies by individual but may include other information such as names, addresses, Social Security numbers, bank account information and health insurance information.
3. Rinehart Dentistry in Georgetown, S.C., experienced a data breach affecting 25,000 individuals. The practice discovered that an unauthorized party was able to gain access to sensitive patient information provided to the practice. The practice submitted the incident to the U.S. Department of Health and Human Services Office for Civil Rights Breach Portal March 24.
4. Artistic Family Dental, a three-office practice in Illinois, was the victim of cyber attack that led to the potential breach of information for nearly 4,000 individuals. The practice said that on or about Nov. 11, it became aware of unusual activity in its network environment. An investigation determined that an unauthorized actor may have accessed and acquired certain data.
Information that may have been acquired without authorization as a result of the incident includes names, dates of birth, and insurance and billing information. Social Security numbers may also have been copied without authorization for some individuals, according to a notice on the practice’s website.