ProSmile’s Breach Disclosure Raises More Questions Than It Answers

Parker Bytes December 24, 2023

Picture this: a dental company in the States, let’s call them “Grin Galaxy”, not-so-quietly revealed back in December they’d suffered a bit of a data breach kerfuffle. Now, as there haven’t been any reports surfacing on the American Health Department’s public breach tool, it’s got a few eyebrows raised.

As the story goes, the alarm bells started ringing for Grin Galaxy back in July when they spotted something a bit rum in their email system. So, ever the cautious ones, they called in a crack squad of cybersecurity sleuths to give the situation a good once-over. Lo and behold, personal and health-related private data may have been peeked at without permission.

So then, Grin Galaxy buckled down, kicked off a sweeping review to get a handle on what data was potentially compromised. Once they concluded their data sleuthing, they took a while to track down current contact info for the possibly affected individuals. All that wrapped up by the end of November.

Chillingly, the types of data potentially being ogled included names, birth dates, flashy American social security numbers, license info, bank details, and a whole load of health-related mumbo jumbo. Given the time elapsed between blooper spotting (July) and the affected being informed (December), well, that’s got more than a few knickers in a twist.

Rolling the clock back, it seems there was an earlier announcement about this hiccup back in March. Long story short, they became aware of an incident involving their email system back in July, summoned a cybersecurity team to do a deep dive investigation, and confirmed a bunch of their email accounts had been accessed without authorisation.

They identified that personal and health data had likely been exposed but, until that point, there wasn’t any evidence to suggest any of the data had been misused. So, they got to work notifying every potentially-impacted individual even though they couldn’t confirm how many folks were involved or exactly what data had been revealed about each.

Grin Galaxy asserted they took the protection of personal and health data very seriously and assured folks they’d be sending out information about how individuals can protect their sensitive information. Regret was expressed about any potential inconvenience or concerns this incident may have caused.

Despite the assurances, one big question lingers: what exactly has Grin Galaxy done since the initial July mega-woopsie to stop anything similar from happening again? With multiple email accounts affected, what steps have they taken to make sure a similar devil doesn’t take down their system in the future? Answer came there none. It does rather put the wind up you, doesn’t it?
