Dental care provider First Choice Dental says ransomware attack compromised over 200k patients

Wisconsin-based dental care provider First Choice Dental said the data security incident it suffered last year compromised the sensitive personal information of more than 200,000 individuals.

 

In a recent filing with the Office of Maine Attorney General, First Choice Dental said that on October 22, 2023, it experienced a ransomware attack that involved a threat actor infiltrating its internal network, encrypting connected systems and leaving a ransom note.

 

Immediately after discovering the incident, FCD took the affected network offline and launched an investigation, with assistance from external cyber security experts, to determine the scope of the incident.

 

“FCD’s forensic investigation found evidence that some FCD files were accessed by the unauthorised actor. Upon learning of this, FCD began an extensive and comprehensive review of the files to identify and notify any individuals whose personal information may have been accessed,” the dental care provider said.

 

“On December 21, 2023, while FCD’s review was ongoing, FCD posted a notice of the incident on its website and issued a media notice with the Wisconsin State Journal. On May 1, 2024, FCD completed its comprehensive review of the data and began preparations to mail personalised notice letters to the individuals whose personal information may have been accessed,” reads the notice.

 

The compromised data included patients’ sensitive personal information such as their names, dates of birth, Social Security Numbers, passport numbers, driver’s license numbers, government identification numbers, credit/debit card numbers, financial account numbers, and health information. 

 

FCD’s filing with the Maine state Attorney revealed that at least 228,287 individuals were impacted by the incident.

 

Since the discovery of the ransomware attack, FCD has strengthened its security systems, including new intrusion detection and response tools, upgraded firewall, implementing multi-factor authentication, and more.

 

While FCD found no evidence of the compromised information being misused, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.

 

It has also offered one year of complimentary identity protection and credit monitoring services through Cyberscout to all affected individuals.