New Jersey dental care practice says data breach impacted close to 75,000 patients

Hackensack, New Jersey-based dental care provider New Jersey Oral & Maxillofacial Surgery said a data security incident that it suffered earlier this year compromised the sensitive personal information of almost 75,000 individuals.

 

In a data security incident notice, the dental care practice said that on May 14, it became aware of a security incident that affected its computer systems since April 19. It immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“The Practice determined that the incident resulted in the unauthorised access and acquisition of certain files on the Practice’s computer systems,” it said.

 

The compromised data included patients’ full names, home addresses, dates of birth, and other demographic and contact information, Social Security numbers, driver’s license and state ID numbers, financial and account information, insurance information, and diagnosis and treatment information.

 

In a filing with the U.S. Department of Health and Human Services Office for Civil Rights (OCR), the practice said it has identified at least 74,413 individuals who were impacted by the data security incident.

 

To avoid similar incidents from occurring in the future, the practice said it implemented additional safety measures to strengthen its network, and notified relevant law enforcements about the incident.  

 

While New Jersey Oral & Maxillofacial Surgery found no evidence of the compromised information being misused, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.

 

It has also offered complimentary identity protection and credit monitoring services to all affected individuals.

 

Recently, the Clop ransomware group claimed responsibility for the cyber attack on the dental care practice and listed it as a victim on its data leak site. It is unclear if the firm responded to or paid a ransom to the hacker group to regain access to the stolen files.