Cyber Incident Victim: Superior Dental Care
Date: Dec 2018
Location: United States of America
Summary
A dental insurance carrier experienced unauthorized access to an employee's email account, potentially compromising members' personal information including names, addresses, Social Security numbers, payment details, and dental service-related medical data. The breach was discovered and terminated after suspicious activity was detected, and the subsequent investigation involved third-party forensic experts. The organization notified affected members through individual letters and a public posting, and offered a dedicated assistance line and resources for credit monitoring and identity theft protection. Security processes were updated to strengthen systems and protect personal information, with ongoing collaboration with external experts to enhance safeguards.
Description
Superior Dental Care (SDC), an Ohio-based dental insurance carrier, identified suspicious activity within an employee’s email account on January 23, 2019. The company immediately secured the compromised account and initiated an investigation with third-party forensic experts to assess the nature and scope of the incident. On February 11, 2019, the investigation confirmed that an unknown party had gained unauthorized access to the employee’s email account. This unauthorized access occurred between December 21, 2018, and January 23, 2019, when SDC discovered and terminated the intrusion. The compromised email account contained members’ personal information, including names, addresses, Social Security numbers, payment details, and medical information related to dental services. SDC determined that this data was potentially accessed during the breach window but did not disclose the total number of affected individuals in its public statement.

SDC began notifying potentially impacted members through a public website posting and individual mailed letters starting March 25, 2019. The notification letters included information about fraud and identity theft protection measures, along with resources for credit and identity monitoring. The company established a dedicated assistance line operational Monday through Friday from 8:00 a.m. to 8:00 p.m. ET to address member inquiries. In response to the incident, SDC implemented updated security processes to strengthen its systems and committed to ongoing collaboration with third-party experts to enhance security measures. No evidence suggested misuse of the exposed data at the time of disclosure, though the breach created risks of financial fraud and identity theft for affected members due to the sensitivity of the compromised information.
