Cyberattacks Reported by Healthcare Providers in North Carolina, Rhode Island, & California
Knowles Smith & Associates, which does business as Village Family Dental and operates 7 dentistry offices in North Carolina, recently notified 240,214 current and former patients that some of their protected health information was exposed in a November 2023 cyberattack.
Village Family Dental said anomalous activity was detected within its network on November 17, 2023. The affected systems were immediately taken offline and third-party cybersecurity experts were engaged to investigate the activity. The forensic investigation confirmed that there had been unauthorized access to its network, and on February 8, 2024, it was confirmed that files containing patient data were potentially viewed or acquired.
Dental records and other health information were not exposed, with the compromised data limited to names, patient ID numbers, provider names, addresses, dates of birth, chart numbers, telephone numbers, and email addresses. Village Family Dental said no evidence has been found to indicate any attempted or actual misuse of patient data. Notification letters were mailed to the affected individuals on April 8, 2024.
Village Family Dental said it has been working with third-party cybersecurity experts to evaluate and enhance its security practices to prevent similar incidents in the future and confirmed that “significant steps” have been taken to mitigate the risk to persons impacted by the cyberattack.
Valley Mountain Regional Center
On April 19, 2024, Valley Mountain Regional Center in California announced a data security incident that was detected on August 1, 2023. Unusual activity was detected within its network and immediate action was taken to secure its systems. The forensic investigation confirmed that unauthorized individuals had access to its network and exfiltrated files containing patient information on or around July 29, 2023.
A third-party vendor was engaged to review the affected files, and on February 20, 2024, confirmed that personal and protected health information was involved. The types of data involved varied from individual to individual and may have included names, Social Security numbers, taxpayer identification numbers, dates of birth, driver’s license numbers, username and password, biometric data, medical treatment and/or diagnosis information, and/or health insurance information. Valley Mountain Regional Center said it is unaware of any misuse of patient data. The affected individuals have been offered complimentary identity protection services through Cyberscout.
The breach has been reported to the HHS’ Office for Civil Rights, but it is not yet displayed on OCR’s breach portal, so it is currently unclear how many individuals have been affected.
Blackstone Valley Community Health Center
Blackstone Valley Community Health Center in Pawtucket, RI, has announced a cyberattack that occurred on November 11, 2023, which disrupted its computer network. After the network was secured, third-party cybersecurity experts were engaged to investigate the cause of the disruption and determined that an unauthorized third party had access to its network.
The review of the exposed files was concluded on March 11, 2024, and confirmed that they contained patient data including names, Social Security numbers, and medical information. Notification letters were mailed to the affected individuals on April 18, 2024. The affected individuals have been offered single bureau monitoring, credit reporting, and credit score services at no charge, and network security has been enhanced to prevent similar breaches in the future. The breach was recently reported to the Maine Attorney General as affecting up to 34,416 individuals.