White and Bright Family Dental has found that one of its data servers storing patients’ private data has been hacked. Access to the Fresno, CA-based server was obtained by the hackers on January 30, 2018.
The Fresno Police Department was quickly made aware of the incident “so that identification and prosecution of those involved could begin.” That inquiry, along with the internal White and Bright Family Dental reviews, are ongoing. The dental clinic is also in the process of enhancing its security measures to avoid further incidents of this nature from happening.
While HIPAA covered bodies have up to 60 days following the identification of a breach to issue alerts to patients and the Department of Health and Human Services, White and Bright Family Dental acted speedily and sent alerts in the shortest possible time frame to permit victims to take measures to safeguard their identities. Letters were issued to patients on February 16 and the state attorney general’s office was made aware of the breach on February 19.
White and Bright Family Dental feels the protected health information of patients was obtained by the hackers, although no proof has been found to suggest any information has been copied, stolen or improperly used.
An analysis of the server showed the following sorts of information were possibly accessed: Names, addresses, telephone numbers, birth dates, Social Security details, insurance information, driver’s license numbers, and dental records.
Patients have been told to be aware of the risk of identity theft and fraud and should keep a close eye their health and account statements for any sign of fraudulent behavious.
The incident has yet to be published on the HHS’ Office for Civil Rights’ (OCR) breach portal so it is not currently obvious how many patients have been affected by the incident.