A dental practice in Indianapolis agreed to pay $350,000 to settle a lawsuit brought by the state following a ransomware attack and unauthorized access to patient information, according to a Dec. 31 report from Inside Indiana Business.
Here are eight things to know:
1. Westend Dental agreed to pay $350,000 to update and improve its data protection and patient privacy practices after a state investigation into the data breach.
2. In a Dec. 23 lawsuit, Indiana Attorney General Todd Rokita alleged that Westend Dental suffered an online attack in October 2020 that exposed patient information. Mr. Rokita accused the practice of denying the incident occurred, attempting to cover up the attack and not report the breach within time limits.
3. The exact number of individuals who were affected by the attack is not known, as Westend Dental did not launch a forensic investigation.
4. The state discovered that the attack occurred on or around Oct. 20, 2020, but the practice did not report the breach until Oct. 28, 2022. HIPAA requires notification within 60 days of the discovery of an attack.
5. The data breach happened on a server at Westend Dental's Arlington location, which at the time of the attack had about 450 patients.
6. Compromised data includes biometric information, insurance information, treatment plans and dental charts and images.
7. Westend Dental has six locations throughout Indiana and serves at least 17,000 patients.
8. In the settlement agreement, Westend Dental did not admit to violating any laws.