A security breach may have exposed the personal information of up to 122,000 Providence Health Plan dental patients in Oregon, including their social security numbers and other sensitive data.
Providence customers were notified late last month by Dominion National, the Virginia-based administrator of Providence's dental program, of an investigation it conducted in April that determined an unauthorized individual or group may have gained access to Dominion's computer servers.
The breach may have occurred as far back as 2010, Dominion's letter to patients said. Dominion didn't say why it took so long to detect the possible breach, but the company has contacted the FBI and heightened its network security.
"Through our investigation of an internal alert, with the assistance of a leading cybersecurity firm, we determined that an unauthorized party may have accessed some of our computer servers," Dominion's letter to patients said.
Dominion says the unauthorized party may have accessed information like patient names, addresses, dates of birth and social security numbers, as well as Providence enrollee information like member identification, group and subscriber numbers.
In a subsequent statement, Dominion said it began mailing notices to potentially affected customers in June.
"We regret any inconvenience or concern this may cause you," the statement said. "We want you to know that protecting your information is incredibly important to us, as is helping you through this situation by providing you with the information and support you need."
Providence's servers were not breached Its dental patients' records have been stored on Dominion's servers since 2015.
"It’s important to note there is no evidence that anyone’s information was accessed inappropriately in this incident," Providence spokesman Gary Walker told The Lund Report in an emailed statement.
But Dominion hasn't offered proof that sensitive data wasn't accessed. A spokesperson for Dominion didn't answer questions from The Lund Report about any evidence it has indicating Providence data remained secure despite the breach.
In a notice to members about the possible breach, Providence said it was notified of the incident in June.
"Dominion National and Providence Health Plan have no evidence that any information was actually viewed, accessed or has been misused. However, out of an abundance of caution, and as required by federal privacy laws, we want to let you know that this happened and assure you that we take it very seriously," the company's notice to customers said.
Dominion will provide affected members with two years of free access to credit monitoring and fraud protection services, Providence's notice said. The company is urging Providence Health Plan patients to review their explanations of benefits to ensure they aren't being charged for services they didn't receive.
