Delta Dental of Arizona employee falls victim to phishing
November 13, 2019
— Delta Dental of Arizona discovered that one of its employees fell for a phishing scheme that may have led to certain personal information being misused.
Delta Dental of Arizona has not received any reports that personal information has been accessed as a result of this incident, but issued a Nov. 8 news release
“so potentially affected individuals may take steps to better protect their personal information, should they feel it appropriate to do so,” the release said.
On or around July 8, Delta Dental of Arizona became aware of suspicious activity related to an employee's email account, according to the release. Delta Dental of Arizona immediately began an investigation to assess the nature and scope of the email account activity.
The investigation learned that the employee fell victim to an email phishing scheme that allowed an unauthorized individual to gain access to the email account on July 8. Delta Dental of Arizona undertook a “lengthy and labor-intensive process,” according to the release, to identify the personal information contained in the affected account.
Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Phishing can also be used to deploy malware or gain access to a system.
“In an abundance of caution, Delta Dental of Arizona is notifying individuals because we have confirmed that certain personal information was present in the affected email accounts,” the release said.
Delta Dental of Arizona was unable to confirm whether any information was actually accessed by the unauthorized individual. But the investigation did discover that the information present in the affected email account may include one or more of the following: name, address, date of birth, Social Security number, member or subscription identification number, driver's license number, government-issued identification number, state identification number, passport number, financial account information, credit and/or debit card information, dental/treatment information, dental insurance information, digital signature and/or username and password.
“The security of personal information is one of Delta Dental of Arizona's highest priorities and it takes this incident very seriously,” the release said. “Upon learning of this incident, Delta Dental of Arizona immediately took steps to ensure the security of its email environment and investigate the activity. Delta Dental of Arizona is also reviewing its existing policies.”
Delta Dental of Arizona is encouraging potentially affected individuals to remain vigilant against incidents of identity theft and fraud, review account statements and monitor credit reports for suspicious activity.
To assist individuals who may have further questions about this incident, Delta Dental of Arizona has established a toll-free hotline, 1-833-281-4828, available Monday through Friday from 7 a.m. to 9 p.m. Mountain time and Saturday and Sunday from 9 a.m. to 6 p.m. Mountain time.
The ADA offers a continuing education course on phishing and ransomware at ebusiness.ADA.org/education/viewcourse.aspx?id=300
The ADA Center for Professional Success offers several ways member dentists can protect themselves against cyber attacks. Steps include training staff on basic data security, backing up data regularly and keeping a copy off-site, being wary of attachments and web links included with suspicious emails and maintaining cyber defenses such as anti-virus and anti-malware software.
To learn more, visit Success.ADA.org
Resources from the U.S. Federal Trade Commission include: