Global Data Breach Impacts 2,500 Institutions: UB Dental Clinic Identified as One of the Affected

by | Aug 17, 2023

In a surprising development, it has been discovered that a significant data breach has affected 2,500 organizations globally. One of the victims is the respected UB Dental Clinic, raising concerns about the security of sensitive information and highlighting the urgent need for strong cybersecurity measures.

The breach occurred earlier this summer and not only puts patients at risk but also exposes vulnerabilities in the billing services provided by DMA, a third-party organization. This incident has prompted a closer examination of data security practices and the actions being taken to address this unprecedented breach.

The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert that uncovered the breach, revealing that unauthorized individuals had accessed data stored in the MOVEit software used by DMA for billing services. As a result, the personal health information of approximately 765 UB Dental patients has been compromised. It is important to note that UB Dental’s internal systems remained secure during the incident.

The compromised information includes patient names, practice demographics, account numbers, statement dates, amounts due, service dates, service/payment descriptions, charge amounts, and payments or adjustments. While the breach is undoubtedly concerning, it is crucial to emphasize that it only affects patients who received billing statements between May 4 and May 26, 2023.

Upon discovering the vulnerability, DMA acted quickly and implemented recommended fixes provided by MOVEit software developers. Their prompt response involved patching their MOVEit system and conducting a thorough investigation by external experts. This detailed investigation concluded on June 30, 2023, shedding light on the extent and nature of the breach.

Taking responsibility for the situation, DMA is actively informing partner organizations and all affected individuals, including patients of UB Dental Clinic. Affected patients will receive direct communication by mail, providing them with detailed information about the breach and its implications. Patients are advised to carefully review their account statements and explanation of benefits forms for any irregularities or unrecognized activity. If any errors are found, patients are strongly encouraged to report them to their insurance carriers promptly.

Patients will also receive guidance on monitoring their credit and protecting their personal information. Given the potential risks associated with compromised data, patients are advised to securely and regularly monitor their protected health information. To address any concerns or questions patients may have, UB Dental Clinic has established a dedicated helpline (844-248-9266).

The evaluation of the impact on UB Dental patients is being led by the University at Buffalo Information Technology (UBIT) department. This comprehensive assessment aims to identify the full extent of the breach’s consequences and implement necessary measures to prevent similar incidents in the future. UB Dental Clinic, in collaboration with UBIT, is committed to ensuring the highest level of data security and patient confidentiality moving forward.

The recent data breach affecting UB Dental Clinic serves as a clear reminder of the ever-present threat of cyberattacks. As organizations increasingly rely on digital systems to store sensitive information, the need for strong cybersecurity measures becomes increasingly crucial. The prompt response by DMA in fixing their MOVEit system and conducting a thorough investigation is commendable. However, it is vital for all parties involved to remain vigilant and proactive in protecting personal information and combating cyber threats.

The aftermath of this breach should motivate organizations worldwide to reassess their data security practices and invest in comprehensive cybersecurity measures. The protection of sensitive information must be a top priority, and all organizations must collaborate to stay ahead of cybercriminals. Only by being proactive and committed to data security can we hope to reduce the risks posed by these increasingly sophisticated cyberattacks.