An online attack on the medical records of White and Bright Family Dental patients was uncovered on January 30, 2018. Hackers were able to access one of the servers of the dental practice which is located in Fresno, California. The server contained their clients’ protected health information such as: names, addresses, telephone numbers, birth dates, Social Security numbers, insurance information, driver’s license numbers, and dental histories.
White and Bright Family Dental, upon learning of the security breach, immediately informed Fresno police for prompt investigation and notified affected patients as well as the Department of Health and Human Services. Following such incidents, HIPAA covered individuals and groups are provided up to a maximum of 60 days to inform and notify patients including the aforementioned department. However, the dental clinic was quick to act on the situation and sent notifications to their patients in just a little over two weeks after the unauthorized access. On February 16 letters were delivered allowing affected clients to make the necessary action to protect their identities. The state attorney general’s office was subsequently informed of the security attack three days later.
Despite showing no evidence that would suggest that the protected health information of the patients have been copied, stolen, corrupted, or misused by the hackers, White and Bright Family Dental advised their patients to keep a close eye on their health and account statements. They must keep track and monitor these for any unusual activity that might be a red flag for identity theft and fraud. As of the moment the number of affected patients has not yet been confirmed as the incident has not yet appeared on the breach portal of the Health and Human Services’ Office for Civil Rights.
Fresno Police Department is continuing its investigation to identify and prosecute those who committed the security breach. White and Bright Family Dental is likewise conducting its own investigation and is searching for possible leads. They are also setting in place safety measures that would heighten their computer and online security to thwart hackers from doing the same in the future.