Cyber Attacks Reported by Smile Brands Ransomware Attack and ArCare

Smile Brands located in Irvine, CA offers support services for dental clinics. It just gave a new report on the number of persons affected by a ransomware attack, which was uncovered on April 24, 2021. The attackers obtained access to sections of its network on April 23, 2021, that stored files that comprised the protected health information (PHI) of people, such as names, phone numbers, addresses, birth dates, Social Security numbers, financial data, government-issued ID numbers, and health data.

The breach report was at first filed with the HHS’ Office for Civil Rights on June 2021 as having 1,200 victims, however, the breach report was eventually modified to specify around 199,683 people were impacted. Nevertheless, in the newest report to the Maine attorney general, the breach was reported as impacting approximately 2,592,494 individuals. The first notice to the Maine attorney general was filed on October 8, 2021.

Smile Brands stated that affected people were given a free one-year membership to a credit checking service, which consists of identity theft support services and protection of a $1 million identity theft insurance policy.

Malware Likely Granted Hackers Access ArCare Patient Records

Arcare, a company offering primary care and behavioral health services throughout Arkansas, Kentucky, and Mississippi, has announced that patient files were likely accessed by unauthorized persons in a cyberattack that was found out on February 24, 2022. Because of the malware discovered within its system, there was a temporary interruption to its services. ArCare took fast action to avert continuous unauthorized access and started an investigation to know the nature and extent of the incident.

The investigation established on March 14, 2022, that the threat actors may have viewed sensitive data between January 18, 2022 and February 24, 2022. An evaluation of the impacted data files was finished on April 4, 2022, and affirmed they comprised names, driver’s license or state identification numbers, Social Security numbers, dates of birth, financial account details, medical treatment data, prescription data, medical diagnosis or condition details, and medical insurance data.

Though data was compromised, there was no proof identified that indicates actual or attempted misuse of patient information. ARcare mentioned it has modified its guidelines and procedures pertaining to data safety and security and delivered notification letters to affected people on April 25, 0222.

The breach is not yet published on the HHS’ Office for Civil Rights breach website thus it is presently unknown how many persons were impacted.

About Christine Garcia 1192 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA