Free Consultation
call our office
2900 Union Lake Rd., Suite 214
Commerce Township
Michigan 48382

The LaMaster Law Firm Blog

Friday, December 18, 2020

Dental Services Organization Hacked: 1 Million Patients Affected

Dental Care Alliance (DCA) has been hacked, exposing the personal information of more than 1 million patients. According to a breach report submitted to the Maine attorney general’s office, stolen information includes individuals' name or other personal identifying information, including:

  • Financial account number
  • Credit/debit card numbers
  • Security codes
  • Access codes
  • Passwords
  • PIN numbers

The Florida-based dental services organization (DSO) provides billing, accounting, payroll, volume purchasing, operations management and IT services to 320 dental practices in 20 states.

If details of the report are accurate, the incident would be one of the largest health data beaches in 2020. DCA’s breach report says that the company became aware of suspicious activity on October 11 and initiated an investigation in conjunction with third-party forensic specialists.

The report stated that unauthorized individuals accessed the DCA’s network between Sept. 18 and Oct. 13, and that the company is conducting a review to identify individuals whose personal information could be impacted. At risk information includes:

  • Name
  • Address
  • Dental diagnosis and treatment information
  • Patient account number
  • Treating, billing information
  • Dentist's name, bank account number, and health insurance information

An additional notification document submitted to Maine's attorney general notes that the investigation is ongoing and DCA will provide additional information “if new significant facts are learned subsequent to its submission."

DCA also noted that the company (1) has implemented additional safeguards and training for its employees and (2) is advising impacted individuals to report any suspected incidents of identity theft or fraud to their credit card company and/or bank. However, DCA is not offering prepaid credit or ID theft monitoring to those affected.

Why This Matters

While more dental practices are relying on DSOs today to relieve them of administrative details, dentists are ultimately responsible for ensuring the privacy of patients’ personal health information and adhering to the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Given the complexities of HIPAA compliance, and the potential for enhanced regulatory scrutiny by the Department of Health and Human Services (HHS) under the incoming Biden Administration, it is crucial for dental practices to have proper legal representation.

In the end, the best way to protect your practice from liability arising from data breaches as well as to understand your obligations under HIPAA is to consult with an attorney who provides legal services to dental professionals.

Archived Posts


© 2021 The LaMaster Law Firm, PLLC | Disclaimer
2900 Union Lake Rd.,, 214, Commerce Township, MI 48382
| Phone: 888.680.4766

Service Areas | Firm Overview | Services | Industries | Resources

Law Firm Website Design by
Zola Creative