The personal health information of approximately 765 patients of The University of Buffalo (N.Y.) dental clinic may have been compromised after the school's third-party billing services provider was hit with a data breach.
In June, Data Media Associates became aware of a cyberattack on MOVEit software, which it uses for file transfers. The attack on MOVEit affected an estimated 2,500 organizations worldwide, according to an Aug. 16 news release. Progress, which provides the MOVEit software, disclosed the vulnerability May 31 and deployed a patch to the software the same day.
The university said clinic officials were notified July 20 that the cyberattack may have resulted in the unauthorized access of personal health information of patients who received billing statements from the clinic between May 4 and May 26. The information that may have been compromised includes practice demographics, patient account numbers, patient names, guarantor demographics, statement dates, amounts due, service dates, service/payment descriptions, charge amounts, payments and adjustments. No credit card information or Social Security numbers were part of the breach, the university said.
Systems operated and maintained by UB Dental were not breached or compromised.
The university said it would contact affected patients this week.