Cybersecurity

Alberta Dental Service Corporation data breach impacts 1.5 million customers

Canda-based dental benefits administrator Alberta Dental Service Corportation (ADSC) recently suffered a malware-based cyber attack which exposed the data of more than 1.5 million customers.

The cyber security incident was discovered on July 9 after a malicious actor gained access to ADSC’s systems. The hacker then deployed malware, encrypting some of the company’s data and systems, meaning they were temporarily inaccessible.

In response to the cyber attack, the ADSC immediately deployed mitigation tactics to secure its data and network from further unauthorized access. A forensic investigation into the cyber attack was also launched, in addition to reporting it to the authorities and employing a third-party cyber security service.

The investigation into the cyber attack revealed that the malicious actor has access to ADSC’s systems between May 7 and July 9. During this time, the hacker copied data from ADSC’s systems before deploying the malware. 

Data copied during the cyber attack included:

  • The name, address, personal health number, date of birth and dental benefits claims information for all those who enrolled in the Alberta Government’s Dental Assistance for Seniors Plan at any time between July 1, 2015, and July 9, 2023. These individuals may have had their personal bank account number accessed during the cyber attack if they provided this information to ADSC to facilitate direct electronic claims payments.
  • The name, date of birth, details relating to your dental benefits claims and government issued identification number for all those who enrolled in any of the Alberta Government’s Low-Income Health Benefits Plans between January 1, 2006, and July 9, 2023.
  • The corporate name, corporate bank account, corporate mailing and email address and your license number of all those who enrolled with Alberta Dental Service to receive direct payment for eligible health claims of their patients at any time between January 1, 2010, and July 9, 2023.

It is predicted that more than 1.5 million patients were impacted by the data breach. The ADSC will be contacting all those impacted by the cyber attack, in addition to setting up a dedicated call center for the cyber attack.