Chord Specialty Dental Partners, a multi-state dental service organization, has disclosed a significant data breach involving unauthorized access to employee email accounts containing sensitive patient information. The incident has affected approximately 173,430 individuals across six states.

The Breach: What Happened

On September 11, 2024, suspicious activity was detected within an employee email account at Chord Specialty Dental Partners (formerly operating as CDHA Management, LLC and Spark DSO, LLC). Following this discovery, the organization immediately engaged digital forensics specialists to investigate the suspicious activity.

The investigation uncovered an alarming fact: unauthorized access to several employee email accounts had occurred over a period of more than a month—from August 19 to September 25, 2024. This extended timeframe gave intruders ample opportunity to access sensitive information stored within these accounts.

Scope of Compromised Information

After completing what was described as a “comprehensive and time-intensive review” of the affected accounts, Chord confirmed that a wide range of highly sensitive personal and medical information was potentially exposed, including:

  • Names and addresses
  • Social Security numbers
  • Driver’s license numbers
  • Banking information
  • Payment card details
  • Birth dates
  • Medical records
  • Health insurance information

The company noted that the specific types of information exposed varied from patient to patient, depending on what data was stored in the compromised email accounts.

Response and Notification Process

Timeline of Response Actions

The organization waited until March 14, 2025—nearly six months after the initial discovery—to begin notifying affected individuals. This delay was likely due to the extensive forensic investigation required to determine precisely what information was exposed and which patients were affected.

Protective Measures Offered

As part of their response, Chord is offering:

  • Complimentary credit monitoring
  • Identity theft protection services

These services are being provided “out of an abundance of caution,” despite the company stating that they have found no evidence that the exposed data has been misused.

About Chord Specialty Dental Partners

Chord Specialty Dental Partners serves as a dental service organization providing business and operational support to more than 60 dental practices across multiple states including:

  • Indiana
  • Delaware
  • New Jersey
  • Pennsylvania
  • Tennessee
  • Virginia

Their services enable dental practices to focus on patient care while Chord handles administrative, financial, and operational aspects of running a dental practice.

Future Security Enhancements

In response to this incident, Chord has committed to reviewing and enhancing their data security policies and procedures to prevent similar breaches in the future. However, specific details about these enhancements were not disclosed in their notification.

What Patients Should Do

While the company hasn’t reported any misuse of the exposed information, patients should remain vigilant. Affected individuals should:

  • Monitor credit reports regularly
  • Review insurance statements carefully
  • Consider placing fraud alerts with credit bureaus
  • Utilize the offered identity protection services

Source: THJ

Share this post

Author

Editorial Team
Editorial Team
The Editorial Team at Security Land is comprised of experienced professionals dedicated to delivering insightful analysis, breaking news, and expert perspectives on the ever-evolving threat landscape

Comments