Canadian Dental Service Breached, Affecting 1.4M

In a formal incident alert, the ADSC (Alberta Data Security Corporation) disclosed that those who had enrolled in programs such as the Alberta Government’s Dental Assistance for Seniors Plan, the Alberta Government’s Low-Income Health Benefits Plans, and beneficiaries of Quikcard, have all been impacted by a ransomware attack that breached sensitive data.

The potentially compromised data varies depending on the benefits plan, but it may include names, addresses, birthdates, government-issued identification numbers, specifics related to dental benefits claims, personal bank account numbers, corporate emails, and details pertaining to corporate bank accounts.

Approximately 1.47 million individuals could have had their sensitive information compromised in the attack. Of those, only 7300 accounts had attached personal banking information. Only those who proactively gave such financial information to the ADSC could have had that data exposed.

The intrusion was initially detected on July 9th, but it wasn't until a fortnight later that the complete extent of the data breach came into focus."The period of compromise was May 7 – July 9, and the unauthorized third party accessed and copied certain data from our network before deploying the malware," ADSC said in a notice on its website.

Lyle Best, the chairman of the corporation, conveyed in an interview that payment was made to the offending ransomware gang (8base), who then allegedly deleted the stolen data as part of an agreement. The incident has been reported to the RCMP and Edmonton police, preventing the firm from revealing the ransom amount. The attack has also been reported to the provincial information and privacy commissioner.

The organization is in the process of reaching out to all those who have been impacted. If personal financial data was involved, the company will offer a complimentary free credit monitoring service.