Each impacted covered entity has reported the breach to the HHS Office for Civil Rights.
It is known that protected health information for around 173,000 people was compromised.
The following PDA organisations have informed HHS of affected patient numbers:
Florida: 18626, Georgia: 23974, Illinois: 16673, Massachusetts: 607, Michigan: 26054, Indiana: 7359, Connecticut: 6237, Tennessee:11217, New York: 10778, and Texas: 4235.
The impacted accounts were secured right away to stop further unwanted access.
After employees responded to phishing emails, an investigation was opened, which discovered multiple email accounts were accessed by an unauthorised person.
The compromised information includes names, addresses, email addresses, phone numbers, insurance information, Social Security numbers, dental information, and/or financial information.
Professional Dental Alliance says the electronic dental record system and dental images were not accessed.
Affected individuals have been urged to take caution, check their credit reports and account statements, and keep an eye out for any indications that their data has been misused.
According to Professional Dental Alliance, affected people will receive a free two-year membership to credit monitoring and identity theft protection services.
Source: https://www.hipaajournal.com/phishing-attack-professional-dental-alliance/
TPRM report: https://www.rankiteo.com/company/new-york-state-dental-association
"id": "new173711222",
"linkid": "new-york-state-dental-association",
"type": "Breach",
"date": "6/2017",
"severity": "60",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 173000,
'industry': 'Dental Services',
'name': 'Professional Dental Alliance',
'type': 'Healthcare'}],
'attack_vector': 'Phishing',
'customer_advisories': 'Affected individuals have been urged to take caution, '
'check their credit reports and account statements, '
'and keep an eye out for any indications that their '
'data has been misused.',
'data_breach': {'number_of_records_exposed': 173000,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Addresses',
'Email addresses',
'Phone numbers',
'Insurance information',
'Social Security numbers',
'Dental information',
'Financial information']},
'description': 'Unauthorized access to multiple email accounts following a '
'phishing attack, resulting in the compromise of protected '
'health information for around 173,000 individuals.',
'impact': {'data_compromised': ['Names',
'Addresses',
'Email addresses',
'Phone numbers',
'Insurance information',
'Social Security numbers',
'Dental information',
'Financial information'],
'identity_theft_risk': 'High',
'payment_information_risk': 'High',
'systems_affected': 'Email accounts'},
'initial_access_broker': {'entry_point': 'Phishing emails'},
'motivation': 'Unknown',
'post_incident_analysis': {'root_causes': 'Employees responded to phishing '
'emails'},
'recommendations': 'Individuals should monitor credit reports and account '
'statements for signs of data misuse.',
'references': [{'source': 'Professional Dental Alliance'}],
'regulatory_compliance': {'regulatory_notifications': 'HHS Office for Civil '
'Rights'},
'response': {'communication_strategy': 'Notified affected individuals, '
'offered free credit monitoring and '
'identity theft protection services',
'containment_measures': 'Secured impacted accounts'},
'threat_actor': 'Unknown',
'title': 'Professional Dental Alliance Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Human'}