The Foleck Center, LTD

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

The Foleck Center Data Breach Overview

The Foleck Center, LTD, a full-service dental practice based in Virginia, experienced a significant data breach that compromised sensitive personal identifiable information of over 6,000 individuals. This incident has raised concerns about the security measures in place to protect patient data and the potential consequences for those affected.

Details of the Breach

The breach was discovered on October 26, 2023, when The Foleck Center identified unauthorized access to its systems, specifically through an employee’s email account. The unauthorized access occurred between September 4, 2023, and October 31, 2023. The investigation revealed that an unauthorized actor might have accessed sensitive information through this compromised email account[7].

The types of information potentially exposed in the breach include names, Social Security numbers, addresses, dates of birth, driver’s license numbers, employer names and addresses, dates and office locations of treatments/appointments, patient and system ID numbers, and insurance information[7].

Response and Recommendations

Following the discovery of the breach, The Foleck Center began notifying individuals whose information may have been impacted and recommended steps to protect their personal information. These steps include enrolling in any free credit monitoring services provided by The Foleck Center, changing passwords and security questions for online accounts, regularly reviewing account statements and credit reports for signs of fraud or unauthorized activity, and contacting a credit bureau to request a temporary fraud alert[7].

Additional Findings

A related investigation found that the breach involved the unauthorized setting of a forwarding rule on an employee’s email account, which forwarded emails to a Gmail account not associated with The Foleck Center or its employees. This unauthorized access allowed copies of all emails sent to the employee’s account during the specified period to be forwarded to the unauthorized Gmail account[9].

Impact and Legal Considerations

The breach has affected nearly 7,000 patients, exposing them to the risk of identity theft and fraud. The Foleck Center has provided HIPAA and security awareness training to employees several times a year, and in response to this incident, additional training is being provided to improve password and network security[9].

Conclusion

The data breach at The Foleck Center, LTD highlights the importance of robust cybersecurity measures and the need for continuous vigilance to protect sensitive personal information. Individuals affected by the breach are advised to follow the recommended steps to safeguard their personal information and monitor their accounts for any unusual activity.

Citations:

  1. https://thefoleckcenter.com/contact/virginia-beach/
  2. https://www.deltadentalva.com
  3. https://thefoleckcenter.com
  4. https://www.dentalcarealliance.net
  5. https://thefoleckcenter.com/about/meet-the-doctors/
  6. https://www.linkedin.com/in/tiffany-saunders-0b7045108
  7. https://www.turkestrauss.com/2024/01/03/the-foleck-center-data-breach-investigation/
  8. https://www.yellowpages.com/newport-news-va/mip/deer-park-dental-12117642
  9. https://www.hipaajournal.com/email-breach-foleck-center-mountain-dermatology-specialists/
  10. https://www.13newsnow.com/article/news/body-of-murdered-girl-coming-home-to-hampton-roads/291-221930349
  11. https://thefoleckcenter.com/contact/norfolk/
  12. https://www.linkedin.com/in/francisco-limon-230a4892
  13. https://yelp.com/biz/the-foleck-center-virginia-beach
  14. https://www.yelp.com/search?cflt=endodontists&find_loc=Newport+News%2C+VA
  15. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf?ref=blog.gitguardian.com
Breach Submission Date Dec 22, 2023
Converted Entity Name The Foleck Center, LTD
Converted Entity Type Healthcare Provider
State VA
Individuals Affected 6,965
Breach Type Hacking/IT Incident

Breach Information Location Email

Business Associate Present Yes