#5e2d92_SMALL_Nov-Dec 2024 DRA Journal Cover

From myth-busting photobiomodulation therapy to showcasing advanced aesthetic cases, this issue delivers practical insights for modern dental practice. Explore evidence-based techniques in implant and veneer rehabilitation, essential guidance on monkeypox protocols, and strategies for enhanced patient communication.

>> FlipBook Version (Available in English)

>> Mobile-Friendly Version (Available in Multiple Languages)

Click here to access Asia's first Open-Access, Multi-Language Dental Publication

US Dental Practice Fined $350K Over Data Breach Concealment

State Investigation Reveals Delayed Breach Reporting

USA: An Indiana dental practice, Westend Dental, has agreed to pay $350,000 in settlement fees following allegations of concealing a 2020 ransomware attack, as reported by bankinfosecurity.com. The case came to light through an investigation initiated by Indiana Attorney General Todd Rokita, prompted by a patient complaint regarding inaccessible dental X-rays.

Details of the Ransomware Attack

According to the federal lawsuit filed on December 23, 2024, the incident occurred at one of Westend Dental’s locations in October 2020. The practice, which operates six facilities across Indianapolis and Lafayette, allegedly failed to conduct any forensic investigation or notify affected individuals whose protected health information was compromised.

Misrepresentation of the Incident

The lawsuit reveals that Westend Dental’s handling of the breach raised significant concerns. As stated in the legal documents, “Although Westend Dental was legally required to report the data breach directly to the Office of Attorney General, the OAG discovered the data breach through its investigation of a consumer complaint made by a Westend Dental patient.”

Delayed and Inaccurate Reporting

When the practice finally reported the breach in October 2022, they claimed it affected fewer than 500 individuals and mischaracterized the incident as a formatting error rather than a cybersecurity breach. The state alleges that Westend was aware of both the malware encryption of their files and a ransom demand from the cybercriminal group MedusaLocker.

Settlement Terms and Requirements

Under the proposed consent order, Westend Dental must implement comprehensive data security measures and HIPAA compliance protocols. Due to the lack of a forensic investigation, the practice is required to notify all patients as of November 2023 about the potential exposure of their information.

Additional HIPAA Violations

The investigation also uncovered separate HIPAA privacy violations related to the practice’s social media presence. These violations involved unauthorized posting of patient information and photographs, including those of minors, without proper consent. This follows a broader pattern of concern regarding healthcare providers’ social media practices, as evidenced by similar cases in recent years.

Historical Context

This case reflects an ongoing trend of regulatory enforcement in healthcare privacy. In 2022, federal regulators took action against a Los Angeles dental practice, resulting in a $23,000 fine for inappropriately disclosing patient information in response to Yelp reviews.

The information and viewpoints presented in the above news piece or article do not necessarily reflect the official stance or policy of Dental Resource Asia or the DRA Journal. While we strive to ensure the accuracy of our content, Dental Resource Asia (DRA) or DRA Journal cannot guarantee the constant correctness, comprehensiveness, or timeliness of all the information contained within this website or journal.

Please be aware that all product details, product specifications, and data on this website or journal may be modified without prior notice in order to enhance reliability, functionality, design, or for other reasons.

The content contributed by our bloggers or authors represents their personal opinions and is not intended to defame or discredit any religion, ethnic group, club, organisation, company, individual, or any entity or individual.

Leave a Reply

Your email address will not be published. Required fields are marked *