The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Phishing Attack on Business Associate Affects Tens of Thousands of Professional Dental Alliance Patients

Posted By on Oct 18, 2021

Professional Dental Alliance, a network of dental practices affiliated with the North American Dental Group, has notified tens of thousands of patients that some of their protected health information was stored in email accounts that were accessed by an unauthorized individual between March 31 and April 1, 2021.

Professional Dental Alliance says the breach occurred at its vendor North American Dental Management. Steps were immediately taken to secure the affected accounts and prevent further unauthorized access. An investigation was launched which revealed several email accounts were accessed by an unauthorized individual after employees responded to phishing emails.

The investigation into the breach uncovered no evidence of attempted or actual misuse of patient data, with the investigators concluding the breach was likely limited to credential harvesting. A comprehensive review of the affected email accounts confirmed they contained protected health information (PHI) such as names, addresses, email addresses, phone numbers, insurance information, Social Security numbers, dental information, and/or financial information. Professional Dental Alliance says the electronic dental record system and dental images were not accessed.

While it appears that protected health information was not stolen, affected individuals have been advised to exercise caution and review their credit reports and account statements and be vigilant for signs of misuse of their data.  Professional Dental Alliance says affected individuals are being offered complimentary membership to credit monitoring and identity theft protection services for two years.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The breach has been reported to the HHS’ Office for Civil Rights by each covered entity affected.  Almost 173,000 patients are known to have had their protected health information exposed.

Covered Entity Individuals Affected
Professional Dental Alliance 47,173
Professional Dental Alliance of Connecticut 6,237
Professional Dental Alliance of Florida 18,626
Professional Dental Alliance of Georgia 23,974
Professional Dental Alliance of Illinois 16,673
Professional Dental Alliance of Indiana 7,359
Professional Dental Alliance of Massachusetts 607
Professional Dental Alliance of Michigan 26,054
Professional Dental Alliance of New York 10,778
Professional Dental Alliance of Tennessee 11,217
Professional Dental Alliance of Texas 4,235

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist