ProSmile Holdings Notifies Patients About July 2022 Data Breach
ProSmile Holdings, LLC, a New Jersey dental service organization, started notifying patients on December 22, 2023, about a breach of its email environment. Suspicious activity was detected in July 2022, and a third-party cybersecurity company was engaged to investigate the unauthorized activity and determine if any sensitive data had been exposed or compromised. ProSmile Holdings was notified on December 1, 2022, that numerous email accounts had been compromised and accessed without authorization, and personal and protected health information may have been accessed or acquired.
On January 27, 2023, ProSmile Holdings engaged a vendor to conduct a review of the affected files, and the review was completed on November 29, 2023. The compromised information included names, dates of birth, Social Security numbers, driver’s license or other state identification card numbers, financial account numbers, payment card numbers, medical treatment information, diagnosis or clinical information, provider information, prescription information, and health insurance information.
ProSmile Holdings made an announcement about the data breach on March 28, 2023, but was unable to confirm at that time how many individuals had been affected or what data had been exposed. The incident was reported to the HHS’ Office for Civil Rights as involving the protected health information of 39,674 individuals.
It is also unclear why it took 5 months to discover that patient data was involved, a further two months to initiate a document review, and 10 months to complete that review. The first announcement about the breach was not made for 7 months, and it has taken 17 months for individual notifications to be issued.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Valley Health System Affected by Data Breach at ESO Solutions
Valley Health System in Las Vegas has confirmed that it was affected by a ransomware attack and data breach at its software vendor, ESO Solutions, in late September. ESO notified Valley Health System about the breach in late October and confirmed that patient names, phone numbers, addresses, and some personal or health information were compromised. The breach has affected 5 Valley Health System hospitals: Centennial Hills Hospital, Desert Springs Hospital, Spring Valley Hospital, Summerlin Hospital, and Valley Hospital. The affected individuals were notified about the breach on December 12, 2023.
