On November 17, 2019, the 10 practices of btyDENTAL in Anchorage, Alaska, discovered that some of their servers had been impacted by ransomware. Though the group says there is no evidence that patient information was accessed, viewed, misused, or disclosed, it is notifying its patients via letters of the event so they can take steps to secure their data.
According to btyDENTAL, its IT team immediately intervened to restore the impacted servers. A third-party IT consultant company that specializes in healthcare then investigated if any information may have been impacted. The investigation was unable to determine if any patient names or x-ray images had been accessed or viewed by unknown third parties.
Also, btyDENTAL notes that its practice management software and database were encrypted as required by the Health Insurance Portability and Accountability Act (HIPAA), and no financial information, medical records, Social Security numbers, or dates of birth were impacted by the event. The group says it has taken steps to prevent similar events from occurring in the future and will review and revise its information and security policies and procedures.
“The privacy and security or our patient information is a top priority for btyDENTAL. We continually evaluate the security of our patient health information (PHI), and we strive to improve and strengthen the IT security through training of our employees and most up-to-date security measures,” said Robert Croft, vice president of btyDENTAL. “We deeply regret any inconvenience or concern this incident may cause.”