Patients Notified of White and Bright Family Dental Server Hack

Fresno, CA-based White and Bright Family Dental has discovered one of its servers containing patients’ protected health information has been accessed by hackers. Access to the server was gained by the attackers on January 30, 2018.

The Fresno Police Department was immediately notified of the incident “so that identification and prosecution of those involved could begin.” That investigation, along with the internal White and Bright Family Dental investigations, are continuing. The dental practice is also in the process of augmenting its security protections to prevent further incidents of this nature from occurring.

While HIPAA covered entities have up to 60 days following the discovery of a breach to issue notifications to patients and the Department of Health and Human Services, White and Bright Family Dental acted quickly and sent notifications in the shortest possible time frame to allow victims to take steps to protect their identities. Letters were sent to patients on February 16 and the state attorney general’s office was notified of the breach on February 19.

White and Bright Family Dental believes the protected health information of patients was accessed by the attackers, although no evidence has been uncovered to suggest any information has been copied, stolen or misused.

An analysis of the server revealed the following types of information were potentially accessed: Names, addresses, telephone numbers, birth dates, Social Security numbers, insurance information, driver’s license numbers, and dental histories.

Patients have been advised to be alert to the risk of identity theft and fraud and should monitor their health and account statements for any sign of fraudulent activity.

The incident has yet to appear on the HHS’ Office for Civil Rights’ breach portal so it is currently unclear how many patients have been impacted by the incident.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.