Pediatric Dentistry of Oklahoma Data Breach Exposes Patients Social Security Numbers

Oklahoma City, based Pediatric Dentistry of Oklahoma was involved in a data breach involving sensitive patient information. On Feb. 14, 2024, the practice’s third-party management company discovered it was the target of a sophisticated ransomware attack.

According to the data breach notification, breach was identified when the management company noticed unauthorized access to its network, prompting immediate action to secure systems and launch an internal investigation.

Forensic specialists were brought in to thoroughly examine the nature and scope of the attack. While the investigation is ongoing, current findings indicate that protected health information (PHI) and personally identifiable information (PII) of patients may have been accessed by unauthorized parties.

The types of data potentially exposed include patient names, addresses, dates of birth, Social Security numbers, driver’s license numbers, limited medical and dental histories, medical and dental diagnoses and/or treatment information, medication details and medical and dental insurance information.

This combination of PII and PHI increases the risk for affected individuals, as both identity and health information may be vulnerable.

Although the exact number of impacted individuals has not been disclosed, the breach is considered severe due to the nature of the information involved and the use of ransomware—a method that often results in data theft and potential extortion. At this time, there is no evidence that the compromised information has been misused, but the risk cannot be ruled out.

Pediatric Dentistry of Oklahoma's response

Pediatric Dentistry of Oklahoma is notifying potentially affected individuals by mail if their information was involved in the breach. The practice encourages all patients to monitor their account statements and explanation of benefits forms for suspicious activity. Additionally, individuals are advised to obtain free credit reports from the three major credit bureaus and consider placing fraud alerts or credit freezes on their accounts.

The practice has provided contact information for questions or concerns, including a dedicated phone number (405-946-2455) and mailing address (3613 NW 56th St., Suite 105, Oklahoma City, OK 73112). Patients can find further guidance on identity theft protection and credit monitoring through resources from the Federal Trade Commission at www.ftc.gov/idtheft.

Given the ransomware attack’s sophistication and the types of data exposed, it is especially important for patients to remain vigilant for signs of identity theft or fraud. Promptly reporting any suspicious activity to financial institutions, insurance providers and law enforcement is recommended.