Cyber Incident Victim: North American Dental Management

On March 31, 2021, unauthorized individuals gained access to email accounts belonging to North American Dental Management (NADM), a vendor providing administrative and technical support services for Professional Dental Alliance (PDA) dental offices. The breach persisted until April 1, 2021, stemming from a phishing attack that compromised employee credentials. NADM secured the affected email accounts upon discovery and initiated an investigation to determine the scope. PDA, notified by its vendor, subsequently determined that protected health information stored within those email accounts might have been accessed. The incident was attributed to credential harvesting through phishing, with no evidence suggesting broader system infiltration beyond the compromised email accounts. Grove Dental Associates, a PDA affiliate, publicly disclosed that the attacker's identity remained partially unknown as NADM's investigation continued.

Exposed patient information potentially included names, addresses, email addresses, phone numbers, dental treatment details, insurance information, Social Security Numbers, and financial account numbers. The breach impacted 125,760 patients across dental practices in ten U.S. states, prompting PDA to file a report with the Department of Health and Human Services' Office for Civil Rights. While no actual misuse of data was confirmed, PDA offered affected individuals two years of complimentary credit monitoring and identity theft protection services. NADM reinforced email security measures following containment, though specific technical enhancements were not detailed in public statements. Notification letters were distributed to patients without delay once the compromised data types and affected population were identified through forensic analysis.