Patient personal data, including U.S. Social Security numbers, may have been taken in the 2023 ransomware attack on TAG - The Aspen Group’s dental service organization (DSO) Aspen Dental, according to a company statement.
Though Aspen Dental had no evidence that patient personal data had been misused, it reported that biometric data, health insurance information, bank financial data, birthdates, driver’s license and state identification numbers, and other sensitive information may have been taken.
"After an extensive review, it was determined that unfortunately some personal information of patients and employees of these practices may have been impacted," Aspen Dental said in a statement provided on February 23 to DrBicuspid.com.
In the coming weeks, Aspen will begin mailing out letters to those who may have been affected by the attack. The letters will include information about the incident, actions taken to prevent a recurrence, and steps that patients and employees can take to protect their information.
Patients who may have had their U.S. Social Security numbers stolen will be offered free credit monitoring, according to the DSO.
"We take the security of all information in our systems very seriously, and we have taken steps to prevent a reoccurrence by increasing monitoring of our networks, further improving access control, and hardening our systems," according to Aspen's statement.
In April 2023, Aspen Dental announced that it was hit with a cybersecurity attack that affected the DSO’s ability to access its scheduling, phone, and other business applications. At the time, the DSO was unsure if any data was compromised.
In December 2023, Aspen Dental was ranked the second-largest DSO in the U.S. on DrBicuspid.com’s list of the top 10 largest DSOs in the U.S. Currently, it has about 1,100 affiliated practices in 45 states.
