Facial and Dental Specialist, Fairfax, Announces Leak; 235,000+ Victims
Table of Contents
- By Steven
- Oct 18, 2023
Fairfax Oral and Maxillofacial Surgery serves the residents of Northern Virginia and the surrounding region. They employ a ten-person surgery team with six locations. Fairfax has been the target of a data breach, creating over 235,000 potential victims; your information may be at risk if you’ve been a patient of an associated facility.
How Did the Attack Occur?
As reported in their website breach notification, an unauthorized party accessed their computer network in May. We don’t have other details beyond the alert from the Attorney General of Maine, which lists the breach as an “external system breach (hacking).” There are no details about how the assault was possible; the threat actors may have leveraged a backend vulnerability, jumped from another network or socially engineered the situation. Although we don’t know much about the attack, Fairfax has said they do not have evidence of files leaving the systems; this doesn’t mean the threat actor doesn’t have the data. Those receiving a breach notification from Fairfax must take immediate action to protect themselves from victimization.
What Information was Viewed or Stolen?
The information lost varies between individual records. The Main Attorney General reported that assailants may have put 235,931 records at risk following the breach. If the hackers stole your information in the assault, your personal and medical information is at risk. The accessed data included patient names, driver’s licenses, medical histories, health insurance, and Social Security Numbers (SSN). That’s enough information for any opportunist to take advantage of you and the services entitled to you.
How Did Fairfax Admit to the Breach?
Between May 15th and 16th, an unauthorized party breached Fairfax’s systems. On May 16th, Fairfax detected the incident following the subsequent encryption of specific files within their system. A month later, on July 11th, they determined the encrypted files contained personal information belonging to specific people. Three days later, on July 14th, they began sending breach notifications to those whose information was accessed. On September 14th, an internal investigation confirmed that the breach may have impacted some individuals; a month later, on October 12th, Fairfax began sending additional notifications to those with expected data risk. If you’ve received a breach notification from Fairfax, act immediately to protect your data from future risk.
What Will Become of the Stolen Information?
Although Fairfax does not have evidence of the misuse of the stolen information, consumers are encouraged to take protective measures. The credentials taken from each record vary depending on the individual, which puts every record under unique threat. Those who have had their personally identifiable information stolen could be at risk for identity fraud. Simultaneously, those with medical history and health insurance numbers stolen may be at risk for medical fraud. Regardless of your information’s threat, taking active steps to secure it is the best way to limit damages.
What Should Affected Parties Do in the Aftermath of the Breach?
If hackers accessed your information in the data breach, you could still prevent most misuse. Begin by updating or changing the accessible account details of the associated data. Engage identity monitoring services to watch for misuse of personal information like SSNs and driver’s licenses. Additionally, request an Explanation of Benefits every six months to a year. Take special care to note if the benefits don’t match your record or if there are services listed that you did not obtain. Both are signs you could be a victim of medical fraud. Also, never confirm information about yourself online, over the phone, or with anyone but trusted services.