Getty Images/iStockphoto
Smile Brands Updates Breach Information, 2.6M Affected
Smile Brands originally reported a lower count, but new information revealed that the 2021 data breach potentially impacted nearly 2.6 million individuals.
Smile Brands updated the total number of individuals impacted in a 2021 data breach from 199,683 individuals to 2,592,494 individuals.
On April 24, 2021, Smile Brands fell victim to a ransomware attack, which led to unauthorized access to systems containing names, addresses, birth dates, Social Security numbers, financial information, phone numbers, health information, and government-issued identification numbers.
The company originally reported the incident to the Office for Civil Rights (OCR) in June 2021, saying that the April 2021 breach had impacted 1,200 individuals. That number was later updated to 199,683 individuals.
A report on the Maine Attorney General’s Office website stated that the breach potentially impacted nearly 2.6 million people, making it one of the largest breaches of 2021.
The Maine Attorney General’s Office report said that consumers were notified of the breach in September 2021, January 2022, and again in February 2022.
In its notice to Maine residents, Smile Brands said it terminated the unauthorized access promptly and launched an investigation. However, the unauthorized actor appeared to have acquired some of the data.
Smile Brands offered impacted individuals free credit monitoring services for 12 months.
OH Counseling Center Ransomware Attack Impacts 24K
New Creation Counseling Center (NCCC) in Ohio suffered a ransomware attack that impacted 24,029 individuals, according to an April 14 breach submission on OCR’s portal.
The faith-based counseling center posted a notice on its website on February 13, explaining that it ad suffered a ransomware attack on the same day. In response, NCCC shut down its network and launched an investigation.
“The ransomware has been eradicated and we are continuing to see patients,” the notice said.
Although NCCC said it had no evidence that any data was taken, it offered one year of credit monitoring to patients. The impacted database included names, addresses, emails, birthdates, Social Security numbers, intake forms, phone numbers, health insurance information, medical releases, and treatment records.
On April 12, NCCC posted another update that stated: “New Creations Counseling Center (“NCCC”) is not only committed to affordable mental health counseling and psychiatric care to all faith-orientations, genders, ethnicities and races but also committed to maintaining the privacy and security of protected health care information.”
Illinois Gastroenterology Group Suffers Breach
Illinois Gastroenterology Group (IGG) issued notification of a data breach that occurred on October 22, 2021. On November 18, an investigation revealed that an unauthorized actor had “gained access to certain IGG systems and that information contained in those systems may have been viewed or taken by the unauthorized actor.”
Despite the November discovery, IGG issued its notice on April 22, 2022. In March, IGG had determined that names, Social Security numbers, driver’s license and passport information, financial account information, payment card information, addresses, birth dates, employer-assigned identification numbers, biometric data, and medical information were potentially impacted.
“IGG takes this incident and the security of personal information in its care seriously. IGG moved quickly to investigate and respond to this incident, assess the security of its systems, and notify potentially affected individuals,” the notice stated. It is unclear when impacted individuals were first notified of the incident.
IGG said it immediately reset passwords and implemented multifactor authentication and an endpoint detection and response platform.