North American Dental Management is a company based in Pittsburgh responsible for providing administrative and technical support services to Professional Dental Alliance offices. On March 31st and April 1st of 2021, an unauthorized entity gained access to the company’s servers, potentially compromising the protected health information of up to 125,760 patients in Connecticut, Georgia, Florida, Illinois, Indiana, Massachusetts, Michigan, New York, Texas, and Tennessee.
As is so often with modern digital crimes, the bad actor used an email phishing attack to access North American Dental Management’s systems. Phishing is a malicious technique that utilizes deceptive emails or other messages to impersonate legitimate organizations. These emails or text messages entice unwary users to click on a link taking them to a page that asks them to confirm account details or other data. Once criminals have breached digital perimeters in this way, they can easily steal or sabotage crucial data such as that stored by North American Dental Management.
At this point, there is no evidence that the stolen dental information was misused. In fact, the attack seems to have been an email harvesting mission, with no signs indicating that patients’ dental records or images were accessed. Even so, specific facts from the records of affected patients may have been compromised, including name, address, email address, phone number, dental information, insurance information, Social Security number, and financial account numbers.
Upon discovery of the breach, officials reported it to the DHS’s Office for Civil Rights. Investigation into its effects continues. In the meantime, potentially affected patients are entitled to receive two years of free credit monitoring and identity theft services provided by Professional Dental Alliance.