Bay Oral Surgery & Implant Center, a network of oral and maxillofacial dental surgery centers in Wisconsin, recently disclosed a significant data breach affecting 13,055 patients. The breach, reported to the HHS’ Office for Civil Rights, involved unauthorized access to an employee’s email account, identified on February 27, 2024. A third-party cybersecurity firm was brought in to investigate, confirming that an unauthorized individual had installed software and accessed the email account starting January 18, 2024.
The compromised information included a wide range of patient data: names, addresses, email addresses, dates of birth, Social Security numbers, insurance card numbers, credit card numbers, banking account information, x-rays, patient health history forms, patient visit summaries, and medical history questionnaires. Despite the extensive nature of the exposed data, the investigation could not determine if the unauthorized individual had viewed or copied the emails or attachments.
In response to the breach, Bay Oral took immediate action by securing the affected email account. The organization has also implemented several measures to prevent future incidents, such as changing IT providers, adopting a 24/7 protection and monitoring solution, and enforcing new policies and procedures to ensure that patient information is not stored in email accounts. Patients affected by the breach have been notified and advised to monitor their credit reports, credit statements, and financial accounts for any signs of fraudulent activity.
While Bay Oral has not received any reports of fraud or identity theft linked to this incident, the organization is urging affected patients to remain vigilant. The breach underscores the critical importance of robust cybersecurity measures in protecting sensitive patient information and highlights the ongoing risks associated with storing such data in email accounts.
