Minnesota Dental Practices Report Email Breach Affecting 277K Patients
Major data breaches have been reported by Park Dental and Dental Specialists of Minnesota, which involved the protected health information of 277,109 individuals. Park Dental, which has dozens of dental clinics in Minneapolis, St. Paul, western Wisconsin, and the greater Minnesota area, reported a breach of the protected health information to the HHS’ Office for Civil Rights (OCR) on August 9, 2024, that affects 238,667 patients. A breach was also reported on the same day by Dental Specialists of Minnesota, which operates as The Dental Specialists, that affects 38,442 patients.
Suspicious activity was identified in certain employee email accounts on January 23, 2024. The email accounts were secured, and third-party cybersecurity specialists were engaged to investigate and determine the extent of the breach. The investigation confirmed that multiple email accounts had been accessed by an unauthorized third party between January 11 and January 23, 2024, who may have viewed information in the accounts and related file shares. The review of the accounts was completed on June 10, 2024, and confirmed that the accounts contained information such as names, demographic information, medical information, health insurance information, and dates of birth. A limited number of individuals also had their Social Security number, driver’s license number, and/or financial account information exposed.
Park Dental and The Dental Specialists said security measures had been implemented prior to the attack to prevent unauthorized access to email accounts, including multifactor authentication prompts to access data within its environment, these measures were circumvented. Security measures are being reviewed and will be enhanced to prevent further email account breaches.
Behavioral Health Alliance of Rural Pennsylvania
Behavioral Health Alliance of Rural Pennsylvania has discovered unauthorized access to an employee’s email account. The breach was detected on or around June 17, 2024, and the forensic investigation confirmed that an unauthorized third party had access to the account between June 14, 2024, and June 17, 2024. The breach was limited to a single email account; however, that account contained patient data such as names, identification numbers, and treatment information. System security is being reviewed and will be enhanced, as appropriate, to prevent similar breaches in the future. The breach was reported to the HHS’ Office for Civil Rights as affecting 642 individuals.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
