Email breach at vendor to alliance of dental practices impacts numerous practices, more than 170,000 patients
For the second time in the past year, an alliance serving dental practices has been hit with a cyberattack. Last year’s attack impacted patients at Kids First Dentistry & Orthodontics, a subsidiary of Professional Dental Alliance of Connecticut. They reported a a ransomware attack on First Impressions Orthodontics impacted their patients.
This year, a number of state Professional Dental Alliance (PDA) units are reporting to HHS and patients following a breach at their vendor, North American Dental Management (NADM). NADM’s breach, which was the result of a phishing attack, took place between March 31 and April 1, 2021. NADM provides administrative and technical support services for Professional Dental Alliance offices.
According to the North American Dental Group’s web site:
The Professional Dental Alliance (PDA) is a group of dentists affiliated with the North American Dental Group (NADG). The PDA is led by the Oral Health Board (OHB), an internal board of dentists charged with guiding clinical activities to ensure best-in-class oral health care for patients. The PDA is transforming the holistic dental experience by integrating the best clinical practices, setting comprehensive standards of care, sourcing high-quality supplies, providing ongoing doctor training and mentorship, and adopting a unique data and outcome-driven approach to dentistry with a focus on collaboration.
NADM and NADG seem to share the same phone number.
So far, more than 170,000 patients have reportedly been notified of the NADM breach. It is not yet clear why it took six months from the incident to provide notice to patients and HHS.
As of today, the following PDA entities have reported impacted patient numbers to HHS:
New York: 10778
There was also one entry for PDA that did not indicate any state: 47173, and one entry for NADG Hopewell for 1143 patients.