Dr. Zachary E. Adkins DDS (“Dr. Adkins”) of Albuquerque New Mexico has advised its patients of a privacy event that may have compromised certain personal information. The events are the result of criminal activity.
On November 30, 2017, a laptop bag containing an external hard drive from Dr. Adkins’ office was stolen. The hard drive contained backup files from two programs used in his office – Florida Probe and Dentrix. The files in the Florida Probe backup were unencrypted, but contained only limited information of patient names and corresponding teeth pocket depth measurements that are used for periodontal exams. The files in the Dentrix backup contained patient names, addresses, phone numbers, dates of birth, Social Security numbers, treatment information, and insurance information. The Dentrix backup is protected within the software through Dentrix’s data-masking techniques that use cryptographic technology. It would be accessible only to someone who had the Dentrix software along with Dr. Adkins’s unique software serial number and Dr. Adkins’s Dentrix username and password. No financial information, bank account information, or credit card numbers are kept on file by Dr. Adkins, so none of that information has not been compromised as a result of this incident.
Since Dr. Adkins has not yet been able to recover the stolen hard drive, he is unable to confirm whether the criminal actually accessed or acquired any patient information. However, out of an abundance of caution, Dr. Adkins has notified all potentially affected individuals about the issue and offered them free identity theft protection services. Dr. Adkins also reported the incident to law enforcement and will continue cooperating with any investigation.
“We take great pride in providing excellent quality dentistry with integrity and compassion. We take patient privacy very seriously, and we are very sorry for any concern or inconvenience this incident has caused or may cause anyone who has been affected,” said Dr. Adkins.
Those who believe they may have been affected by this incident may call Dr. Adkins’s dedicated, toll-free incident response hotline at (800) 310-0268 for more information.
Dr. Adkins is a dental provider located in Albuquerque, New Mexico that provides preventative, rehabilitative, and cosmetic dental services.
Source: Zachary E. Adkins, DDS
Update: So I wasn’t believing the reassurances about how Dentrix protected the patient data. Specifically, where the dentist claimed:
[The data in Dentrix] would be accessible only to someone who had the Dentrix software along with Dr. Adkins’s unique software serial number and Dr. Adkins’s Dentrix username and password.
So I reached out to Justin Shafer, who has done a lot of research on Dentrix security, including reporting vulnerabilities in their software to the government. Shafer and I had collaborated on a complaint to the FTC about Schein advertising an early version of Dentrix as providing “encryption.” But even now, this dentist, while not claiming the data “encrypted,” is claiming that you’d need things you reportedly do not need to access the data on the stolen drive.
Shafer explains what he believes is wrong with the dentist’s reassurances in a blog post on his blog.
Someone wrote a blog post about this:
http://justinshafer.blogspot.com/2018/01/someone-had-their-hard-drive-stolen.html