Alberta Dental Services Security Breach Exposes 1.47M Records

Written by

Alberta Dental Service Corporation (ADSC) has revealed that nearly 1.47 million individuals have been affected by a data breach that occurred between May 7 and July 9 2023. 

ADSC, a partner of the Government of Alberta, US, administers dental benefits through various programs, and the incident has raised concerns over compromised personal information.

The breach was reportedly discovered on July 9 2023, when an unauthorized third party gained access to a portion of ADSC’s IT infrastructure and deployed malware, temporarily encrypting specific systems and data. 

Although swift countermeasures were taken to secure the network and engage cybersecurity experts, the intruder accessed and copied a portion of the data before the malware deployment.

Read more on healthcare-focused data breaches: NextGen Healthcare Data Breach: One Million Patient Records Affected

“ADSC didn’t reveal how they were compromised. Most ransomware victims were compromised through social engineering or unpatched software,” commented Roger Grimes, data-driven defense evangelist at KnowBe4.

“In telling customers how they are preparing to prevent similar future types of attacks, it would be encouraging for them to share how they were compromised. Because if they can’t tell you how they were compromised, it doesn’t give you as much confidence that they can prevent future compromises.”

The breach impacted three groups, in particular:

  • Dental Assistance for Seniors Plan clients enrolled between July 1 2015 and July 9 2023 may have had their personal information compromised, including name, address, personal health number, date of birth and dental benefits details.
  • Low-Income Health Benefits Plan clients enrolled from January 1 2006 to July 9 2023 may have had their name, date of birth, dental benefits details and government-issued identification number compromised
  • Dental Services Providers enrolled for direct payment of eligible health claims between January 1 2010 and July 9 2023 may have had their corporate details and license numbers exposed

“To protect against such cyberattacks, healthcare organizations must prioritize data-centric security strategies,” explained Erfan Shadabi, a cybersecurity expert at comforte AG.

“One such effective approach is tokenization, which involves substituting sensitive data with unique tokens, rendering the original data meaningless to unauthorized parties.”

The breach poses potential phishing, identity theft and fraud risks for affected individuals. ADSC has implemented enhanced security measures and engaged law enforcement. They are notifying impacted individuals through direct mail and urging vigilance against suspicious communications.

What’s hot on Infosecurity Magazine?