SUNY at Buffalo School of Dental Medicine

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

The University at Buffalo School of Dental Medicine experienced a data security incident involving a third-party billing services provider, Data Media Associates, LLC (DMA). DMA, which uses MOVEit for file transfer services, was one of approximately 2,500 organizations worldwide affected by a cyberattack on MOVEit systems. This incident may have resulted in unauthorized access to the personal health information of 765 UB Dental Clinic patients who received billing statements between May 4 and May 26, 2023[1][2][4][7].

The compromised information may have included practice demographics, patient account numbers, patient names, guarantor demographics, statement dates, amounts due, service dates, service/payment descriptions, charge amounts, payments, or adjustments. Importantly, no credit card information or Social Security Numbers were involved in the breach[1][2][4][7].

UB Dental has confirmed that none of its directly operated or maintained systems were breached or compromised. Upon learning of the MOVEit vulnerability, DMA took immediate steps to patch its system and conducted a comprehensive investigation with external experts to determine the scope of the breach. DMA has also taken all remediation measures recommended by the MOVEit software developers and is evaluating additional safeguards to enhance data security[1].

Affected patients were contacted by mail with information on how to monitor their credit and safeguard their personal information. UB Dental has provided a contact number (844-248-9266) for patients with questions about the breach[1][2][4][7].

Citations:

  1. https://www.buffalo.edu/news/releases/2023/08/data-media-associates.html
  2. https://buffalonews.com/news/article_830a1a8c-41bd-11ee-a2b2-6329a4dfb86e.html
  3. https://caselaw.findlaw.com/ny-supreme-court-appellate-division/1238829.html
  4. https://buffalonews.com/news/local/business/765-ub-dental-clinic-patients-may-be-affected-by-larger-moveit-data-breach/article_830a1a8c-41bd-11ee-a2b2-6329a4dfb86e.html
  5. https://www.schoolmatters.com/student-defense-university-at-buffalo-school-of-dental-medicine/
  6. https://system.suny.edu/sci/news/8-9-21-due-process/index.html
  7. https://www.niagara-gazette.com/news/local_news/ub-dental-clinic-reports-data-security-breach-at-third-party-billing-service/article_9fb81a8a-3c59-11ee-8c36-f749efbd7604.html
  8. https://trellis.law/case/36029/813033-2023/frank-rossotto-v-eugena-stephan-university-buffalo-dr-datish-k-tripathi-university-buffalo
  9. https://trellis.law/doc/197966163/decision-on-motion-submit-ord-jgmt
  10. https://medicine.buffalo.edu/offices/omc.host.html/content/shared/www/ubit/news/2023/data-breach.detail.html
  11. https://casetext.com/case/barsoumian-v-univ-at-buffalo
  12. https://search.proquest.com/openview/5064e347e3332659154f613d02471ba6/1?cbl=41679&pq-origsite=gscholar
  13. https://www.hipaajournal.com/hipaa-breaches/
  14. https://www.wnypapers.com/news?amp%3Blist_news_articles_col=kizgmyatjzmk&list_news_articles_dir=ASC&list_news_articles_page=284
  15. https://www.itgovernance.co.uk/blog/list-of-data-breaches-and-cyber-attacks-in-march-2021
Breach Submission Date Aug 16, 2023
Converted Entity Name SUNY at Buffalo School of Dental Medicine
Converted Entity Type Healthcare Provider
State NY
Individuals Affected 765
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes