ProSmile Holdings, a dental service organization based in New Jersey, began informing patients on December 22, 2023, regarding a breach in its email system. Detected in July 2022, the suspicious activity prompted an investigation by a third-party cybersecurity firm to assess potential exposure or compromise of sensitive data. Confirmation arrived on December 1, 2022, revealing unauthorized access to numerous email accounts.
Names, birthdates, Social Security numbers, driver’s license information, financial accounts, payment card details, medical treatment specifics, diagnoses, provider information, prescriptions, and health insurance data were among the compromised information. While the breach was disclosed on March 28, 2023, specifics regarding the affected individuals and exposed data remained elusive. Notably, the breach has yet to surface on the HHS’ Office for Civil Rights breach portal, leaving the precise scope of impact uncertain.
The timeline for discovery, review initiation, and completion raises questions, with a five-month delay in identifying the compromised patient data, an additional two months to commence document scrutiny, and ten months for its culmination. The initial breach announcement arrived seven months post-incident, and individual notifications have been issued after a 17-month interval.
