Nearly a year after Aspen Dental and WellNow Urgent Care's practices were impacted by a ransomware attack, the companies’ customers are starting to feel the brunt.
It seems the scammers behind the data heist are trying to leverage the stolen email addresses to get unsuspecting consumers to click on a link that puts malware on their computers and drains them of personal information and, potentially, their money.
Aspen Dental did take steps once the theft was discovered – offering free credit monitoring services, etc. – but once data has been stolen, the people behind that theft hold all the cards.
The company has acknowledged that the incident also compromised confidential patient information, including:
- Names
- Social Security numbers
- Driver’s license/state ID information
- Health information
- Health insurance information
- Birth dates
- Financial account information
- Biometric data, and
- Other sensitive information of its patients.
If you’re an Aspen Dental or WellNow Urgent customer, do not open any email
ConsumerAffairs reached out to Aspen to clarify the situation for what its customers may expect. The first thing to know is that the company is not sending out emails, only letters through the U.S. mail.
“These letters will include information about what happened, actions taken to prevent a recurrence, and steps that both patients and employees can take to protect their information. In addition, these letters will offer credit monitoring services at no cost to individuals whose Social Security numbers may have been affected,” an Aspen Dental spokesperson said.
And those scammy emails?
“We are aware of the heightened risk of phishing and scams. It is important to note that any official communications from Aspen Dental that are sent by email will bear the appropriate identifiers and will never request sensitive personal information via email," the spokeperson replied.
"We strongly advise patients to exercise caution and verify the authenticity of any digital communication purportedly from Aspen Dental.”
Further proof that we can’t be too careful
“Data breaches have become an all-too-common feature of life today and they pose a significant threat to all of us because regardless of how careful we are at protecting our personal data, we are only as secure as the companies and governmental agencies that hold our information,” Scamicide’s Steven Weisman, said.
Consumers need to remember that everything a doctor or dentist – or any healthcare provider for that matter – asks you for on an intake form does not have to be given. In Aspen Dental’s situation, much of the information that was stolen could have been protected if the customer had simply requested that it be deleted or never given in the first place.
Especially Social Security numbers.
“I suspect that a physician will argue that some of those sensitive information metrics are required to assist with claim submission or collection efforts for non-payment, which really has nothing to do with their treatment of the patient, but only to ensure payment for services rendered,” Lisa Melamed, president of Compliance & Risk Management at SCALE Healthcare, told ConsumerAffairs.
“When working with practices on drafting/tweaking intake forms, I advise that if they ask for sensitive information or open-ended questions, the practice should explain why the information is required to facilitate the patient's treatment.”
Photo Credit: Consumer Affairs News Department Images
Posted: 2024-03-07 12:18:27
