Dallas-based Jefferson Dental Care Healthcare Management began notifying 45,748 patients Feb. 7 of a phishing attack that may have exposed their protected health information.
JDC Healthcare Management noticed suspicious activity in an employee's email account in October. Upon investigation, the dental service organization determined that an unauthorized third party had accessed the email account between July 21 and Aug. 26, 2019.
Patient data that may have been exposed included names, addresses, dates of birth, medical treatment information and histories, health insurance information, payment information, patient numbers and medical record numbers. No Social Security numbers were affected.
There is no evidence that patient data has been misused. JDC Healthcare Management recommends patients review any account statements and monitor credit reports.
"JDC takes the confidentiality, privacy and security of information in our care seriously. Upon discovery, JDC immediately commenced an investigation to confirm the nature and scope of the incident. JDC is taking steps to implement additional safeguards and review policies and procedures relating to data privacy and security," the DSO said in an online statement.