Dental lab Absolute Dental Services (ADS) notified patients on August 21 that it experienced a data security incident that occurred about six months prior, which may have exposed their personal and health information, according to a company press release dated August 22.
The dental laboratory, which is headquartered in Durham, NC, and has three other locations in North and South Carolina, did not disclose the number of patients that may have been affected. Potential victims are patients who received dental products, including nightguards, bridges and crowns, and prosthetics, that were made by the lab on behalf of other dental practices.
Recently, dentistry has been a target for ransomware attackers. This is the fourth dental-related business, including a large breach at dental benefits management company MCNA Dental, to face security threats during the early months of 2023.
The hit at ADS
On February 21, the dental lab discovered suspicious activity linked to one ADS email account. Immediately, ADS took steps to secure the account, launched an investigation, and hired independent digital forensics and incident response experts to determine what happened and what information may have been compromised, according to the release.
On March 8, ADS received confirmation that one of its email accounts was accessed without authorization and which then engaged a vendor to conduct a comprehensive review of the contents. In June 2023, ADS learned that certain personal or protected health information, which may have varied for each patient, may have been exposed, according to the release.
Hackers may have viewed or stolen the following data:
- Date of birth
- Date of medical service
- Full face photos
- Physician or medical facility information
- Medical conditions or treatment information
- Medical device identifiers
- Medical diagnoses
- DNA profiles
- Medical record numbers or referrals
In addition to notifying patients who may have been affected by the attack, ADS has provided resources to assist them in protecting their information, according to the release.
In May, MCNA Dental announced that it was the target of a cybersecurity attack in March that possibly exposed the sensitive data of nearly 9 million patients. In February, dental service organization (DSO) Great Expressions Dental Centers, which supports nearly 300 dental practices, was hit by cybersecurity incident that possibly exposed sensitive patient data. The DSO notified potential victims in May.
In April, TAG - The Aspen Group, the parent company of DSO Aspen Dental, announced that a security incident temporarily affected its ability to access the scheduling, phone, and other business applications at Aspen Dental, possibly exposing personal patient data. The DSO supports about 1,000 dental practices across the U.S.