The personal data of more than a million Texans may have been exposed in a cyber-attack on a large dental care provider.
The security incident occurred at Dallas-based JDC Healthcare Management LLC (JDC), which has 72 Jefferson Dental & Orthodontics offices across the Lone Star State.
In a data incident notice posted to its website, JDC wrote: “On or about August 9, 2021, JDC became aware of a malware incident impacting certain company systems.
“JDC immediately worked to restore its systems and launched an investigation, with assistance from third-party computer forensic specialists, to determine the nature and scope of the incident.”
After launching an investigation into the attack, Jefferson began notifying impacted patients in January. Data that may have been compromised in the attack included Social Security numbers, dates of birth, driver’s license numbers, health insurance information, clinical information and financial information.
“While our investigation is ongoing, on August 13, 2021, we determined that certain documents stored within JDC’s environment were copied from or viewed on the system as part of the cyber incident between July 27 2021 and August 16,2021,” stated the company.
“Based on the investigation, JDC is currently conducting a detailed review of the impacted data to determine the type of information and to whom it relates.”
The incident was reported to the Texas Attorney General’s Office as a data breach impacting up to 1,026,820 Texas residents, making it the most significant reported breach in the state since Texas enacted a new data breach notification law on September 1 last year, requiring companies to report all data breaches affecting 500 or more Texans to the Texas Attorney General’s Office.
The company said it had found no evidence of any data exposed in the attack being misused. Since falling victim to malware, JDC has begun a review of its cybersecurity posture.
“Upon learning of this incident, we moved quickly to investigate and respond to this incident, assess the security of our systems, restore functionality to our environment, and notify potentially affected individuals,” said the company.
“As part of JDC’s ongoing commitment to the security of information, JDC is reviewing and enhancing existing policies and procedures to reduce the likelihood of a similar future event and has reported this incident to law enforcement.”