A cybersecurity incident at Rosenbaum Dental Group has resulted in the protected health information (PHI) of 1,200 individuals being compromised.
Rosenbaum Dental Group, an independently owned facility in Florida, is in the process of notifying affected patients of the data breach. The breach is thought to have been caused by a malware infection of a desktop computer on which patient data was stored. The malware may have allowed unauthorized individuals access to patient data.
It is as of yet unknown how the malware was installed on the laptop, but it is likely that a hacker launched a phishing attack on the facility. Only a single member of staff needs to fall for these spoof emails for an entire network to be compromised.
According to Rosenbaum Dental Group, unauthorized individuals may have been able to access information such as patient names, addresses, contact numbers, and health insurance information. No financial information or Social Security numbers were compromised in the attack. Although the information that a hacker may have harvested is somewhat limited in comparison to other data breaches, as insurance information was contained in the files, affected patients are still at considerable risk of becoming victims of fraud.
An investigation was launched into the attack. Investigators were unable to determine whether patients’ PHI was compromised in the attack. However, out of an abundance of caution, Rosenbaum has offered all affected patients one year’s membership to credit monitoring and reporting services free of charge.
Follow HIPAA’s Breach Notification Rule, Rosenbaum has sent breach notification letters by mail. They also submitted a breach notification report to the Department of Health and Human Services’ Office for Civil Rights. The report indicates that 1,200 individuals were affected. It is likely that further information about the breach shall be released in the coming weeks.