Alberta Dental Service Corporation (ADSC) has disclosed a major data breach impacting almost 1.47 million individuals during the period between May 7 and July 9, 2023. ADSC, a partner of the Government of Alberta in the United States, manages dental benefits through diverse programs, and the breach has triggered concerns about the compromise of personal information.
Furthermore, the breach was uncovered on July 9, 2023, when an unauthorized third party breached a section of ADSC’s IT infrastructure and deployed malware, leading to temporary encryption of specific systems and data. Swift measures were taken to secure the network and involve cybersecurity experts, yet the intruder managed to access and duplicate a portion of the data prior to deploying the malware.
Additionally, ADSC has not revealed the specifics of how the breach occurred, prompting discussions around their ability to prevent future attacks. Roger Grimes, a data-driven defense evangelist at KnowBe4, noted that most ransomware victims fall prey to social engineering or unpatched software and emphasized the importance of sharing details about past compromises to inspire confidence in preventive measures.
To address such cyber threats, healthcare organizations are urged to prioritize data-centric security strategies. Erfan Shadabi, a cybersecurity expert at comforte AG, highlighted the effectiveness of tokenization, a method involving the substitution of sensitive data with unique tokens to render the original data incomprehensible to unauthorized parties.
The breach has introduced potential risks of phishing, identity theft, and fraud for the individuals affected. ADSC has responded with heightened security protocols and collaboration with law enforcement agencies. The company is actively notifying impacted individuals through direct mail, while also urging caution regarding suspicious communications. This incident underscores the critical need for robust security measures and transparency in detailing breach incidents to bolster confidence in safeguarding sensitive personal data.
