Yes, a recent dental data breach was reported earlier this month. More than eight million dental patient records were discovered by cyber researchers. The data was left unprotected in a misconfigured online database in the USA. The records contained details of nearly three million patients and information about more than eight million dental appointments. The confidential data was left online by a third-party vendor. This vendor is known for offering automated dental practices various services, including marketing, scheduling, and billing. There is no evidence that hackers have maliciously exploited the data, and the misconfigured server has now been patched. However, it is unknown whether the data was copied, and no one is sure if the data is not already for sale on the Dark Web

Key takeaways: 

  • The most recent dental data breach spilled over 8 million records of millions of dental patients
  • There have been numerous other incidents of cyber-attacks targeting dental practices and other health institutions
  • The leaked information consists of personal details such as date of birth, addresses, names, and contact details 
  • Limiting the impact of such data breaches involves the undertaking of adequate cyber defense techniques and IT hygiene

Why dental clinics are frequent cyberattack targets

Healthcare companies of all kinds have been consistently under attack by hackers for years, as they often lack preparedness for cyberattacks but contain a wealth of sensitive information used by fraudsters to commit various types of crimes, such as identity theft. The recently discovered millions of records were exposed due to a database misconfiguration. The data was accidentally found by cyber researchers scanning the internet, and there is no evidence that the files have been used maliciously yet. It is currently unknown how long the data has been publicly available and whether malicious actors have accessed or copied it.

It is essential to note that, to date, there have been no reports that the exposed information contains Social Security Numbers (SSNs). Even though SSNs are likely not included, having all these data points readily waiting to be explored is certainly something bad actors like to use or sell to other criminals. Companies often try to conceal data leaks, as HIPAA regulations protect such patient data, and businesses want to avoid the hefty fines and public scrutiny associated with data breach acknowledgments. Businesses that fail to protect their patients’ data often end up being targeted by class action lawsuits and face substantial government fines. Sometimes, non-medical companies handling the same data do not fall under the same HIPAA regulations, and those businesses do not face the same consequences for their negligence as a healthcare institution would. 

What patients and dental businesses can do to protect data

While people cannot control how their data is handled, history shows that businesses of any size can be hacked. There are steps that dental patients and businesses, from both the healthcare and IT worlds, can take to avoid becoming victims. 

Both businesses and individuals are recommended to use antivirus software. It helps protect smart devices, networks, servers, and other forms of storage that hold sensitive information. Being prepared is crucial for staying in business. It also helps avoid the fallout that often follows a cyber-attack. The same applies to crimes related to identity theft. Other popular actions are also extremely helpful. These include using two-factor authentication (2FA) whenever possible. It’s also important to be vigilant when opening emails from unknown senders.

Data breaches in healthcare aren´t new– but still dangerous

It is not uncommon for healthcare institutions and third-party vendors to misplace files or be targeted by cybercriminals. The recently discovered breach is not the first time a database containing sensitive data has been left exposed. The data handling process in the healthcare industry clearly needs improvement. These improvements will eventually happen. In the meantime, businesses and patients must do their best to stay one step ahead of scammers. The last thing someone wants when going for a regular dental check-up and cleaning is to deal with fraudsters. These criminals may submit fake insurance claims or commit other crimes. Such issues often stem from IT negligence or simple human error.