What happened?Professional Dental Alliance (“PDA”) was recently notified that a few email accounts of its vendor, North American Dental Management, containing some limited patient information were accessed by an unauthorized person between March 31 and April 1, 2021 as the result of an email phishing incident. At this time, the identity of some individuals is known, but the vendor’s investigation is ongoing. This notice will be updated with additional information as the investigation continues. Our vendor has confirmed that access to information was limited to a few email accounts. There is no current evidence of any actual misuse of personal information and current information indicates that the attack was limited to email credential harvesting.
What has been done?We are very serious about protecting the personal information of our patients and have confirmed that immediate action was taken to secure the email accounts and information in the accounts, information in the vendor’s network and information in the PDA network. We are continuing to take actions to confirm the security and privacy of all personal information including providing complimentary identity theft protection services, enhancing email security, providing email security training to staff and email phishing tests. Monitoring of the dark web is being conducted to determine if any malicious use of information has occurred and as of this date, there is no indication of malicious use of personal information.
Who is potentially affected?Because personal information may have been potentially exposed, we are providing notice so that potentially affected individuals may take precautions to protect themselves. We are continuing to identify potentially affected persons. Additional individual notice will be provided at such time that potentially affected individuals are identified. If you were a patient or patient guarantor at our dental practice prior to April 2, 2021, your personal information may have been impacted.
What information was affected?There was no access to PDA’s patient electronic dental record or dental images; however, some discreet personal information may have been present in the email accounts. The full extent of the potentially affected personal information is not yet known and will vary between persons, but it may include the following: name, address, email address, phone number, dental information, insurance information, Social Security Number, and/or financial account numbers.
How can you protect yourself?To help provide protection, PDA will offer complimentary credit monitoring and identity theft services for two (2) years for potentially affected persons. Information regarding this service will be in the notice letter mailed to you. We encourage you to call the toll‐free numbers of any of the three major credit bureaus to place a fraud alert on your credit report and order your free credit report:
- Experian: 1‐888‐397‐3742; P.O. Box 9532, Allen, TX 75013
- Equifax: 1‐800-525‐6285; P.O. Box 740241, Atlanta, GA 30374‐0241
- TransUnion: 1‐800‐680-7289; P.O. Box 6790, Fullerton, CA 92834‐6790.
RECOMMENDED NEXT STEPS IF YOU RECEIVE A NOTICE:1. Activate the credit monitoring. Follow the instructions for enrollment using your Enrollment Code provided at the top of your Notice letter and contact Experian at the number provided in the Notice if you have questions.
2. Telephone. Contact Experian at the toll-free number in your Notice to gain additional information about this Notice and speak with Experian about the appropriate steps to take to protect your credit identity.
3. Review your credit reports. We recommend that you remain vigilant by reviewing account statements and monitoring credit reports. Under federal law, you also are entitled every 12 months to one free copy of your credit report from each of the three major credit reporting companies. To obtain a free annual credit report, go to www.annualcreditreport.com or call 1-877-322-8228. You may wish to stagger your requests so that you receive a free report by one of the three credit bureaus every four months. If you discover any suspicious items and have enrolled in Experian identity protection, notify them immediately by calling or by logging into the Experian website and filing a request for help. You should also know that you have the right to file a police report if you ever experience identity fraud. Please note that in order to file a crime report or incident report with law enforcement for identity theft, you will likely need to provide some kind of proof that you have been a victim. A police report is often required to dispute fraudulent items. You can report suspected incidents of identity theft to local law enforcement or to the Attorney General.
4. Place Fraud Alerts with the three credit bureaus. If you choose to place a fraud alert, we recommend you do this after activating your credit monitoring. You can place a fraud alert at one of the three major credit bureaus by phone and also via Experian’s website. A fraud alert tells creditors to follow certain procedures, including contacting you, before they open any new accounts or change your existing accounts. For that reason, placing a fraud alert can protect you, but also may delay you when you seek to obtain credit. The contact information for all three bureaus is as follows:
|Equifax Fraud Reporting 1-866-349-5191 P.O. Box 105069 Atlanta, GA 30348-5069 www.equifax.com||Experian Fraud Reporting 1-888-397-3742 P.O. Box 9554 Allen, TX 75013 www.experian.com||TransUnion Fraud Reporting 1-800-680-7289 P.O. Box 2000 Chester, PA 19022-2000 www.transunion.com|
Please Note: No one is allowed to place a fraud alert on your credit report except you.
5. Security Freeze. By placing a security freeze, someone who fraudulently acquires your personal identifying information will not be able to use that information to open new accounts or borrow money in your name. Keep in mind that when you place the freeze, you will not be able to borrow money, obtain instant credit, or get a new credit card until you temporarily lift or permanently remove the freeze. There is no cost to freeze or unfreeze your credit files. Under federal law, you cannot be charged to place, lift, or remove a security freeze. You will need to contact Experian or the three national credit reporting bureaus listed above to place the freeze and provide some or all of the following information to the credit reporting agency, depending on whether you do so online, by phone, or by mail: 1. Your full name (including middle initial as well as Jr., Sr., II, III, etc.); 2. Social Security Number; 3. Date of birth; 4. If you have moved in the past five (5) years, the addresses where you have lived over the prior five years; 5. Proof of current address, such as a current utility bill, telephone bill, rental agreement, or deed; 6. A legible photocopy of a government issued identification card (state driver’s license or ID card, military identification, etc.); 7. Social Security Card, pay stub, or W2; 8. If you are a victim of identity theft, include a copy of either the police report, investigative report, or complaint to a law enforcement agency concerning identity theft. The credit reporting agencies have one (1) to three (3) business days after receiving your request to place a security freeze on your credit report, based upon the method of your request. The credit bureaus must also send written confirmation to you within five (5) business days and provide you with a unique personal identification number (PIN) or password (or both) that can be used by you to authorize the removal or lifting of the security freeze. It is important to maintain this PIN/password in a secure place, as you will need it to lift or remove the security freeze. To lift the security freeze in order to allow a specific entity or individual access to your credit report, you must make a request to each of the credit reporting agencies by mail, through their website, or by phone (using the contact information above). You must provide proper identification (including name, address, and social security number) and the PIN number or password provided to you when you placed the security freeze, as well as the identities of those entities or individuals you would like to receive your credit report. You may also temporarily lift a security freeze for a specified period of time rather than for a specific entity or individual, using the same contact information above. The credit bureaus have between one (1) hour (for requests made online) and three (3) business days (for request made by mail) after receiving your request to lift the security freeze for those identified entities or for the specified period of time. To remove the security freeze, you must make a request to each of the credit reporting agencies by mail, through their website, or by phone (using the contact information above). You must provide proper identification (name, address, and social security number) and the PIN number or password provided to you when you placed the security freeze. The credit bureaus have between one (1) hour (for requests made online) and three (3) business days (for requests made by mail) after receiving your request to remove the security freeze.
6. State Resources. Review the state resources available in your state to assist in protecting you from identity theft. A list of available resources by state follows: