Spark DSO, LLC and CDHA Management, LLC, also known as Chord Specialty Dental Partners, recently informed the U.S. Department of Health and Human Services’ Office for Civil Rights about encountering a data breach where unauthorized access affected the protected health information (PHI) of up to 173,430 people.
The dental service organization based in Tennessee offers business and operational support services to over 60 dental practices located in Indiana, New Jersey, Delaware, Pennsylvania, Virginia, and Tennessee. On or about September 11, 2024, Chord Specialty Dental Partners detected suspicious activity in the email account of an employee. Investigation of the incident by third-party digital forensics experts confirmed that unauthorized access by a third party led to the breach of some employee email accounts between August 19, 2024 and September 25, 2024.
A detailed and time-consuming analysis of the impacted accounts just concluded and confirmed that the following data were stored in the accounts: names, addresses, driver’s license numbers, Social Security numbers, bank account data, payment card details, birth dates, medical data, and medical insurance data. The types of data affected differed from one person to another. Although data was compromised, there was no evidence found that suggested the exposure or misuse of data.
On or about March 14, 2025, in compliance with HIPAA Breach Notification law, Chord Specialty Dental Partners started mailing notification letters to the impacted individuals, who were provided free credit monitoring and identity theft protection services as a preventative measure. Additionally, policies and procedures associated with security were reviewed and will be improved, as necessary, to avoid identical incidents later on.