Cyber Incident Victim: Arakyta

The ransomware attack impacting the Dental Center of Northwest Ohio originated through its third-party IT vendor, Arakyta, with the vendor notifying the healthcare provider of a potential breach around September 1, 2018. Arakyta, based locally in Toledo, experienced a ransomware incident that compromised systems containing sensitive personal data belonging to the Dental Center's current and former patients and employees. The Dental Center disclosed the incident publicly on December 28, 2018, via a press release, indicating a nearly four-month gap between initial notification and public acknowledgment. While the exact ransomware variant, initial attack vector, and specific systems compromised at Arakyta were not detailed in available sources, the breach potentially exposed patient and employee information stored on the vendor's systems.

On November 7, 2018—over two months after Arakyta's initial notification—the Dental Center confirmed that its data housed on Arakyta's systems had been potentially accessible to unauthorized actors during the ransomware event. Despite finding no evidence of actual data access or misuse, the Dental Center proactively initiated breach notifications to affected individuals due to the inherent risk. The organization launched an internal investigation and offered free credit monitoring and identity theft protection services to potentially impacted parties. Additionally, the Dental Center implemented undisclosed additional safeguards and initiated a review of its data privacy and security policies and procedures in response to the incident. The attack underscored third-party risks in healthcare cybersecurity, as the compromise occurred entirely within the vendor's infrastructure rather than the Dental Center's direct systems. No operational disruptions, ransom demands, or financial impacts specific to the Dental Center were disclosed in available reporting.