Dental chain involved in ransomware coverup fined $350K
A regional chain of dental clinics denied it was hit by a 2020 ransomware attack, lied to its patients and hid the incident from regulators. Now it’s being forced to pay a $350,000 settlement for violating the Health Insurance Portability and Accountability Act (HIPAA).
The Office of the Indiana Attorney General (AG) announced it has agreed to the settlement, which stems from an October 20, 2020, cyberattack on Westend Dental. According to a subsequent investigation by authorities, the company’s network was hit by MedusaLocker ransomware, causing the loss of patient data.
Instead of coming clean, Westend Dental allegedly told its patients the data loss was a result of a hard drive failure. However, a patient seeking their dental records apparently didn't buy the story and reported the data loss to the state AG, citing a hacking incident as the cause of the missing information.
When confronted, Westend Dental allegedly denied that any data breach or ransomware attack had occurred. According to the AG, the company stuck to its story that a hard drive had been accidentally formatted, causing the loss of patient data, until a witness confessed to the breach in January 2023.
At that time, the AG launched an investigation into Westend Dental’s HIPAA-required data safeguards and found multiple violations regarding how data was stored and secured, in addition to HIPAA violations concerning the lack of proper reporting and notifications of the ransomware incident.
Court documents show that Westend Dental did not conduct a forensic investigation after the incident and did not audit what data was taken. However, given the missing patient records, data exposed to hackers almost certainly included protected health information, the Indiana AG argued.
The company has agreed to upgrade its systems in compliance with HIPAA as part of the $350,000 settlement, which serves as a penalty for violations of the law.
To date, the specific number of patients impacted remains unknown. However, Westend Dental served roughly 17,000 individuals at the time of the attack.
Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.