Jefferson Dental Care (JDC) Healthcare Management was struck by a phishing attack, forcing the Texas-based dental support organization (DSO) to begin notifying 45,748 patients that their personal health information may have been exposed.
The organization began notifying its patients about the data breach on February 7, and the U.S. Department of Health and Human Services Office for Civil Rights is investigating the breach. Also, the DSO has notified all required state regulators, according to a statement released by the organization.
"JDC takes the confidentiality, privacy, and security of information in our care seriously," the letter stated.
On October 19, 2019, JDC learned of suspicious activity related to one of its email accounts. It immediately launched an inquiry with forensic investigators and determined on December 10, 2019, that there was unauthorized access to the JDC email account between July 21, 2019, and August 26, 2019. The breach may have exposed patient information, including names, addresses, dates of birth, medical treatment information and history, health insurance data, payment information, patient numbers, and medical record numbers. Social Security numbers were not compromised, according to JDC.
Though its investigation found no evidence of actual access or misuse of patient information as a result of this attack, JDC notified individuals whose information was present in the affected email account, the letter stated.
JDC is taking steps to implement additional safeguards and review policies and procedures relating to data privacy and security to minimize the risk of another breach in the future, according to the company.
Editor's note: Learn about how to increase cybersecurity measures to lessen your risk of being attacked in "Dental practices hunted: How not to fall victim to hackers," also on DrBicuspid.com.