In September 2024, Chord Specialty Dental Partners (CDHA Management and Spark DSO), a Tennessee-based dental service organization supporting over 60 practices across six U.S. states, identified suspicious activity in an employee’s email account. An investigation revealed unauthorized access to multiple email accounts between August 18 and September 25, 2024.
The compromised accounts contained sensitive personal information, including names, addresses, dates of birth, Social Security numbers, driver’s license numbers, bank account details, payment card information, medical records, and health insurance information. While Chord has not found evidence of fraudulent misuse, they cannot rule out the possibility of data access.
The Department of Health and Human Services (HHS) was informed that over 173,000 individuals were affected. Chord is offering credit monitoring and identity protection services to those impacted.
This incident underscores the growing cybersecurity threats facing dental organizations. The FBI issued a notice in May 2024 to the American Dental Association and the American Association of Oral and Maxillofacial Surgeons, warning of credible, active cybersecurity threats targeting dental practices. Dental organizations are particularly vulnerable due to the valuable personal and financial data they handle, combined with often limited cybersecurity measures.
To mitigate such risks, dental practices should implement comprehensive security audits to identify vulnerabilities, provide ongoing staff training on recognizing phishing attempts and other cyber threats, and establish robust data protection policies. Regular updates to security protocols and systems are essential to safeguard patient information and maintain trust.
