Associates in Pediatric Dentistry

Associates in Pediatric Dentistry (AIPD), a Louisiana-based dental practice specializing in pediatric dentistry, experienced a data breach earlier in the year, affecting a significant number of patients. The breach was identified after the practice noticed unusual activity in its email system. An investigation, assisted by a third-party forensic investigator, revealed that certain email accounts had been accessed without authorization between January 27, 2023, and February 8, 2023. It was determined that some emails and attachments, which may have contained patient information, were potentially viewed or copied. The compromised information varied per patient but could include names, addresses, contact information, dates of birth, treatment and diagnosis information, dates of treatment, provider names, costs of treatment, and health insurance information[1][5].

In response to the incident, AIPD took immediate steps to secure its email system and implemented additional safeguards and technical security measures to enhance the protection and monitoring of its email system. The practice also began mailing notification letters to affected patients on August 25, 2023, advising them to review statements from healthcare providers and contact them if discrepancies were found. A dedicated call center was established to address questions related to the breach[1].

This incident underscores the importance of robust cybersecurity measures and the potential risks associated with electronic communications and data storage. Healthcare providers, including dental practices, are increasingly targeted by cyberattacks due to the sensitive nature of the information they handle. The Health Insurance Portability and Accountability Act (HIPAA) sets standards for protecting this information, and breaches can result in significant penalties and loss of trust. For instance, L.A. Care, the country’s largest publicly operated health plan, settled potential HIPAA violations linked to data breaches for $1.3 million, highlighting the serious implications of failing to adequately protect patient information[8][17][20].

To prevent similar incidents, healthcare entities must conduct thorough risk analyses, implement effective security measures, and regularly review and update their cybersecurity practices to address evolving threats.

Citations:

1. https://www.aipdbr.com/notice
2. https://www.hipaajournal.com/hipaa-violation-cases/
3. https://www.nbcsandiego.com/news/investigations/nbc-7-investigates-dentist-accused-of-unnecessary-work-on-children/2866717/
4. https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/cell-phone-hipaa/index.html
5. https://www.beckersdental.com/dentists/41842-louisiana-dental-practice-reports-data-breach-law-firm-investigating.html
6. https://www.healthcareitnews.com/slideshow/biggest-healthcare-breaches-2017-so-far
7. https://www.justice.gov/usao-sdtx/pr/three-charged-6m-pediatric-dental-fraud-scheme
8. https://www.fiercehealthcare.com/payers/la-care-must-pay-13m-settlement-over-data-breaches-violated-hipaa-rules-protecting-patient
9. https://www.aipdbr.com
10. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6318733/
11. https://www.hhs.gov/about/news/2023/09/11/hhs-office-civil-rights-settles-with-la-care-health-plan-potential-hipaa-security-rule-violations.html
12. https://www.aapd.org
13. https://ldh.la.gov/assets/oph/nutrition/WIC/BasicHIPAACourse.pdf
14. https://oag.ca.gov/privacy/databreach/list
15. https://healthitsecurity.com/news/stolen-ipad-leads-to-potential-phi-exposure-at-kaiser-permanente
16. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
17. https://www.healthcaredive.com/news/la-care-hipaa-breach-settlement/693377/
18. https://www.lbpds.net
19. https://www.hhs.gov/hipaa/filing-a-complaint/index.html
20. https://www.hipaajournal.com/la-care-health-plan-1300000-hipaa-settlement/