EDI Health Group dba DentalXChange
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
EDI Health Group, doing business as DentalXChange, experienced a data breach that was officially reported on January 2, 2024, following the discovery of unauthorized access to sensitive patient information. The breach was initially identified on August 11, 2023, when DentalXChange became aware of unauthorized activity within a user account associated with a dental practice. In response, the company took immediate steps to secure its systems, notified law enforcement, and engaged third-party cybersecurity specialists to investigate the incident and assess the potential impact on patient data.
The investigation revealed that an unauthorized party had gained access to files containing confidential patient information. However, it could not be definitively confirmed which specific files, if any, were accessed by the unauthorized party. The compromised information includes patients’ names, addresses, dates of birth, insurance details (including subscriber IDs), and a list of dental procedures performed. DentalXChange completed its review of the compromised files on December 26, 2023, and subsequently began notifying affected individuals through data breach letters sent out on January 2, 2024. These letters aimed to inform victims about the breach and the specific information about them that was compromised.
DentalXChange is a business services company based in Irvine, California, established in 1989. The company has developed a dental payment platform designed to streamline the claims process, allowing dental care practitioners to submit claims and receive payments for services more efficiently. DentalXChange serves approximately 107,000 providers, processes over 71 million claims annually, employs more than 74 people, and generates around $6 million in annual revenue[1].
Victims of the data breach are advised to understand the risks associated with the exposure of their sensitive information and to take appropriate steps to protect themselves from potential fraud or identity theft. Legal consultation may also be beneficial for understanding and pursuing any available legal options in response to the breach[1].
The breach has been reported to the Secretary of the U.S. Department of Health and Human Services Office for Civil Rights, indicating that it affected 2,574 individuals. The incident is classified as a “Hacking/IT Incident” involving a “Network Server”[4].
Citations:
- https://www.jdsupra.com/legalnews/dentalxchange-provides-notice-of-data-8720805/
- https://www.iphec.org/sites/default/files/Arizona%20State%20University%20(Arizona%20Board%20of%20Regents)%20-%20Cooperative%20Contract%20-%20with%20attachments.pdf
- https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf?ref=blog.gitguardian.com
- https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
- https://reise-geld-zurueck.de/ctep/carefirst-administrators-provider-search.html
- https://www.dentalxchange.com/user-agreement
- https://pub.tunisienumerique.com/adserver/www/delivery/ck.php?oaparams=2__bannerid%3D87__zoneid%3D4__cb%3D077fca649f__oadest%3D%2F%2FEAWlIH801-14li72.%D1%81%D1%81%D0%BE%D1%80%D0%B2%D0%BF.%D1%80%D1%84
- https://dojmt.gov/consumer/databreach/
- https://colevannote.com/investigations/
- https://payerlist.claimremedi.com/enrollment/Denti-Cal%20837%20and%20835.pdf
- https://www.novaoneadvisor.com/report/us-dental-clearing-houses-market
- https://www.visionresearchreports.com/us-dental-clearing-houses-market/41139