Hackers have struck again, and this time an Oregon healthcare provider was the target; the Advantage Dental data breach is reported to affect at least 151,000 individuals. Advantage Dental operates over 30 clinics in the state.
Social Security Numbers Exposed in Advantage Dental Data Breach
The security breach resulted in hackers potentially gaining Social Security numbers along with names, phone numbers, addresses and dates of birth of the center’s patients; although Advantage Dental has confirmed that no financial information or medical information was obtained by the thieves. Law enforcement officers have been notified of the illegal accessing of its servers, although the perpetrators have not been identified at this stage of the investigation.
It has only been a month since the incident, but it would appear that the data has not yet been used for fraudulent purposes according to Advantage Dental; however oftentimes thieves do not commit fraud immediately and there is a delay between criminals obtaining PHI and using it for fraudulent purposes. Also, in contrast to credit card fraud, medical and insurance fraud often takes much longer to be identified by the victims.
In an effort to minimize any damage caused, all affected individuals are being offered credit monitoring services for a year without charge. Advantage’s HIPAA compliance manager, Jeff Dover, said that the company has anti-virus software installed, but there may have been a delay between new versions of viruses and malware being released and the anti-virus software companies releasing updates to neutralize the threat.
At the moment it is not clear how malware managed to get through the security controls that were put in place, but Dover confirmed that the malware was used to obtain the user credentials of one of the company’s members of staff, allowing the cybercriminals to get past the security defenses.
The Advantage Dental data breach may not rank as one of the largest, but it is worrying none the less. The healthcare provider appears to have installed a reasonable security system yet the hackers were still able to gain access to the data.
Data Breaches Are Taking Many Months to Discover
In light of the recent HIPAA breach at Premera Health and the Anthem data breach – where the intrusions went unnoticed for a number of months – the response time appears to be very reasonable by comparison. The healthcare provider was logging and monitoring inappropriate access attempts regularly. In this instance, the breach was identified within three days of hackers gaining access. However, between Feb 23 and Feb 26 of this year, the hackers had free access to its systems and were able to access and potentially copy all of the stored data on the server.
It is not just hackers that are hitting the headlines in Oregon this week, Mosaic Medical, a health center in central Oregon, reported a data breach that affected 2,200 patients after a break in at its facilities.