Hack at network of pediatric practices exposes patient data

System Error Cyberattack

A network of pediatric dental practices in California notified patients on March 6 that it had been hit with a cyberattack and that their sensitive data, including billing information, were accessed by the hacker, according to the state's  attorney general.  

On March 6, CDC Dental Management, doing business as Kids Care Dental & Orthodontics, filed a notice with the state attorney general stating that it had been struck by a cybersecurity incident on June 17, 2023, and the incident resulted in an unauthorized party gaining access to patients' personal data, including names; Social Security numbers; driver's license numbers; state identification numbers; dates of birth; and medical, health insurance, and billing and claims information, according to the notice.

Kids Care, which has 22 pediatric dental offices in California and generates about $14 million in revenue per year, sent notification letters to affected individuals about 10 months after the incident occurred because it had completed its investigation. More information is expected soon, according to the notice.

On June 17, 2023, Kids Care detected suspicious activity within its computer network, secured its system, notified law enforcement, and started an investigation with assistance from third-party data security specialists to determine whether any patient information was exposed.

The investigation revealed that the hacker infiltrated Kids Cares' information technology system on June 15, 2023, and the unauthorized person accessed files containing confidential patient information. The company reviewed the compromised files to determine the data leaked and the patients affected. The process was completed on February 29, according to the notice.