Cyber Incident Victim: Dental Center of Northwest Ohio

The Dental Center of Northwest Ohio, based in Toledo, disclosed on December 28, 2018, that a ransomware attack targeting its third-party IT vendor Arakyta potentially compromised personal information belonging to current and former patients and employees. Arakyta alerted the healthcare provider about the possible breach around September 1, 2018. Following this notification, the Dental Center conducted its own review and confirmed on November 7, 2018, that systems containing its data had been potentially accessible to an unauthorized actor due to the vendor's ransomware incident. While the Dental Center found no evidence suggesting actual unauthorized access or misuse of personal information, it determined the risk warranted notification to potentially affected individuals. The breach exposure window remained unspecified in the disclosure.

In response to the incident, the Dental Center initiated an investigation to assess the scope and implications of the data exposure. The organization offered free credit monitoring and identity theft protection services to individuals whose information may have been accessible. Concurrently, the Dental Center implemented additional security safeguards and began reviewing its existing policies and procedures related to data privacy and security practices. The ransomware attack directly impacted Arakyta's systems rather than the Dental Center's own infrastructure, but the compromise of vendor systems created downstream risks for protected health information and employee records maintained through the IT partnership. No operational disruptions or ransom demands affecting dental services were reported in connection with the incident.