Cyber Incident Victim: Jones Family Dental

On June 19, 2021, Jones Family Dental detected suspicious activity within its systems and initiated an investigation to assess the incident's nature and scope. The investigation determined an unauthorized actor accessed certain computer systems between April 15, 2021, and April 18, 2021. The organization conducted a review to identify compromised computers, the data stored on them, and the individuals associated with that information. While unable to confirm whether computers containing patient information were specifically accessed during the breach window, Jones Family Dental acknowledged the presence of sensitive patient data on its network at the time of unauthorized access. No evidence indicated that data was viewed or exfiltrated by the threat actor. The organization proceeded with notification despite the absence of confirmed data compromise, characterizing this action as precautionary.

The potentially exposed information included patient names, addresses, dates of birth, driver’s license numbers, treatment notes, health history details, diagnostic information, and health or dental insurance data. Jones Family Dental stated no awareness of actual or attempted misuse of this information following the incident. In response, the organization implemented measures to investigate the breach, evaluate system security, and review and enhance existing policies and procedures. External notifications were made to the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services. Affected individuals were advised to monitor account statements, explanations of benefits, and credit reports for irregularities, though the organization emphasized no identified misuse. Jones Family Dental established a dedicated website section to address patient inquiries regarding the incident.