DD Education Services

DD Education Services operates within the healthcare sector, specifically providing services to dental entities. The organisation handles sensitive information integral to dental practice operations, including protected patient health information and insurance billing records. Its scope involves managing critical administrative and financial data, such as employee tax documents, and facilitating communication channels evidenced by compromised voicemail systems. Business and marketing materials related to orthodontics providers also fall within its service purview, indicating support for practice development and promotion. The nature of the compromised data confirms DD Education Services processes highly sensitive personal and financial information on behalf of dental clients.

The organisation was identified as a victim in a significant cybersecurity incident involving the Egregor ransomware group on September 24, 2020. Attackers successfully exfiltrated and leaked sensitive operational data, including patient records and financial documents, demonstrating the organisation's role in handling critical healthcare sector information. Despite the compromise and leakage of financial and healthcare data, the organisation did not publicly acknowledge the breach or issue notifications in response to the incident. This attack highlighted DD Education Services as a target within the healthcare ecosystem due to its possession of valuable protected health information and operational data for dental practices and associated entities like dental insurance associations. The incident underscores the organisation's position within a sector frequently targeted by sophisticated cyber threats seeking sensitive data.