Dental Care Alliance (DCA), an American healthcare provider, has notified more than a million patients that their data may have been exposed by a recent cyber-attack. The attack took place on September 18th but was not discovered until October 11th. DCA informed patients that the data leak likely included names addresses, dental diagnosis, health insurance information, and bank account numbers. DCA claims that bank information was stolen from only 10% of the individuals impacted by the leak. DCA is a dental support organization with more than 320 affiliated dental practices across 20 states.
Analyst Notes: Patients that have been notified by DCA should monitor banking and health insurance institution for any fraudulent activity. If unusual activity is found, it should be reported to the respective institution immediately. It’s important to review the “Explanation of Benefits” forms that are sent by health insurance companies after claims are paid, in case someone else is using a stolen health insurance policy. The healthcare industry continues to be a target for cybercriminals. This attack comes 10 months after a ransomware attack on Colorado-based Complete Technology Solutions impacted nearly 100 dental practices in the United States. Organizations need to ensure proper employee training and engagement in data breach prevention. Additionally, they should ensure systems are updated with the latest security patches and that Multi-Factor Authentication (MFA) is deployed and enforced so that stolen or weak passwords cannot be leveraged by attackers.