Existing and previous at the Dental Center of Northwest Ohio in Toledo, OH, have been contacted to advise them that some of their protected health information may have been obtained illegally via a ransomware attack on one of its third party suppliers.
A managed IT service provider called Arakyta got in touch with the dental center on September 1, 2018, regarding a security breach on a server hosting some dental center systems. With the aid of third-party computer experts, the dental center were able to ascertain on November 7, 2018, that an unknown, unauthorized person managed to log on to the server and could have viewed or downloaded patient data.
There has been nothing to suggest that data theft took place no patients have been in touch to imply that any protected health information was stolen. However, since no one could say for certain that data theft happened or not with a high degree of certainty, the decision was taken to issue notifications to patients and to provide them with complimentary credit monitoring and identity theft restoration services.
It is possible that the hacker could have viewed the following data:
- Full names
- Home addresses
- Dates of birth
- Social Security numbers
- Driver’s license numbers
- State identification numbers
- Medical record
- History of diagnoses
- Treatment information
- Patient ID numbers
- Health insurance particulars
Arakyta and the dental center had sufficient controls implemented prevent unauthorized data access. However, the hackers managed to avoid those controls. The dental center has since reconsidered its security policies that deal with the privacy and security of patient data. Following this process additional safeguards to prevent further breaches of protected health information have been put in place.
An official breach report has been submitted to the Department of Health and Human Services’ Office for Civil Rights and other relevant government agencies.