HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Phishing Attack on Business Associate Affects Tens of Thousands of Professional Dental Alliance Patients

Professional Dental Alliance, a network of dental practices affiliated with the North American Dental Group, has notified tens of thousands of patients that some of their protected health information was stored in email accounts that were accessed by an unauthorized individual between March 31 and April 1, 2021.

Professional Dental Alliance says the breach occurred at its vendor North American Dental Management. Steps were immediately taken to secure the affected accounts and prevent further unauthorized access. An investigation was launched which revealed several email accounts were accessed by an unauthorized individual after employees responded to phishing emails.

The investigation into the breach uncovered no evidence of attempted or actual misuse of patient data, with the investigators concluding the breach was likely limited to credential harvesting. A comprehensive review of the affected email accounts confirmed they contained protected health information (PHI) such as names, addresses, email addresses, phone numbers, insurance information, Social Security numbers, dental information, and/or financial information. Professional Dental Alliance says the electronic dental record system and dental images were not accessed.

While it appears that protected health information was not stolen, affected individuals have been advised to exercise caution and review their credit reports and account statements and be vigilant for signs of misuse of their data.  Professional Dental Alliance says affected individuals are being offered complimentary membership to credit monitoring and identity theft protection services for two years.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

The breach has been reported to the HHS’ Office for Civil Rights by each covered entity affected.  Almost 173,000 patients are known to have had their protected health information exposed.

Covered Entity Individuals Affected
Professional Dental Alliance 47,173
Professional Dental Alliance of Connecticut 6,237
Professional Dental Alliance of Florida 18,626
Professional Dental Alliance of Georgia 23,974
Professional Dental Alliance of Illinois 16,673
Professional Dental Alliance of Indiana 7,359
Professional Dental Alliance of Massachusetts 607
Professional Dental Alliance of Michigan 26,054
Professional Dental Alliance of New York 10,778
Professional Dental Alliance of Tennessee 11,217
Professional Dental Alliance of Texas 4,235

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.