Sarrell Dental in Alabama notified HHS on Sept 12 of an incident impactng 391,472 patients, but their report did not get posted right away, which may explain why this incident has pretty much flown under the media radar. According to Wikipedia, Sarrell Dental and Eye Centers, is a non-profit orgranization and  the largest dental provider in the state of Alabama, currently operating 17 dental clinics. A statement from Sarrell provides some of the details of the incident: In July 2019, we detected ransomware on Sarrell Dental computers that appears to have been the result of an intrusion that may have begun in or around January 2019. Sarrell took its servers offline and their offices were closed for two weeks while they rebuilt their business systems and hardened their security. To date, the investigation has reportedly not found evidence that any files or information were copied, downloaded, or removed from their network.  But as we’ve seen time and time again, the entity is making notification because of what it cannot prove — i.e., that there was no access or copying or misuse.  A web site created for the incident by IDExperts indicates that patients’ names, addresses, dates of birth, Social Security Numbers, health insurance information, and treatment information were stored on the affected systems. The treatment information for a patient might include some combination of dates of service, procedure codes, diagnosis codes and/or the name of treating dentist.  

Categories: security