SUNY at Buffalo School of Dental Medicine
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
The University at Buffalo School of Dental Medicine experienced a data security incident involving a third-party billing services provider, Data Media Associates, LLC (DMA). DMA, which uses MOVEit for file transfer services, was one of approximately 2,500 organizations worldwide affected by a cyberattack on MOVEit systems. This incident may have resulted in unauthorized access to the personal health information of 765 UB Dental Clinic patients who received billing statements between May 4 and May 26, 2023[1][2][4][7].
The compromised information may have included practice demographics, patient account numbers, patient names, guarantor demographics, statement dates, amounts due, service dates, service/payment descriptions, charge amounts, payments, or adjustments. Importantly, no credit card information or Social Security Numbers were involved in the breach[1][2][4][7].
UB Dental has confirmed that none of its directly operated or maintained systems were breached or compromised. Upon learning of the MOVEit vulnerability, DMA took immediate steps to patch its system and conducted a comprehensive investigation with external experts to determine the scope of the breach. DMA has also taken all remediation measures recommended by the MOVEit software developers and is evaluating additional safeguards to enhance data security[1].
Affected patients were contacted by mail with information on how to monitor their credit and safeguard their personal information. UB Dental has provided a contact number (844-248-9266) for patients with questions about the breach[1][2][4][7].
Citations:
- https://www.buffalo.edu/news/releases/2023/08/data-media-associates.html
- https://buffalonews.com/news/article_830a1a8c-41bd-11ee-a2b2-6329a4dfb86e.html
- https://caselaw.findlaw.com/ny-supreme-court-appellate-division/1238829.html
- https://buffalonews.com/news/local/business/765-ub-dental-clinic-patients-may-be-affected-by-larger-moveit-data-breach/article_830a1a8c-41bd-11ee-a2b2-6329a4dfb86e.html
- https://www.schoolmatters.com/student-defense-university-at-buffalo-school-of-dental-medicine/
- https://system.suny.edu/sci/news/8-9-21-due-process/index.html
- https://www.niagara-gazette.com/news/local_news/ub-dental-clinic-reports-data-security-breach-at-third-party-billing-service/article_9fb81a8a-3c59-11ee-8c36-f749efbd7604.html
- https://trellis.law/case/36029/813033-2023/frank-rossotto-v-eugena-stephan-university-buffalo-dr-datish-k-tripathi-university-buffalo
- https://trellis.law/doc/197966163/decision-on-motion-submit-ord-jgmt
- https://medicine.buffalo.edu/offices/omc.host.html/content/shared/www/ubit/news/2023/data-breach.detail.html
- https://casetext.com/case/barsoumian-v-univ-at-buffalo
- https://search.proquest.com/openview/5064e347e3332659154f613d02471ba6/1?cbl=41679&pq-origsite=gscholar
- https://www.hipaajournal.com/hipaa-breaches/
- https://www.wnypapers.com/news?amp%3Blist_news_articles_col=kizgmyatjzmk&list_news_articles_dir=ASC&list_news_articles_page=284
- https://www.itgovernance.co.uk/blog/list-of-data-breaches-and-cyber-attacks-in-march-2021