Notice of a Data Security Incident - Great Expressions Dental Centers

Great Expressions Dental Centers (“GEDC”) is committed to protecting the security and privacy of the information we maintain. On May 12, 2023, we began mailing notification letters to patients whose information may have been involved in a security incident that disrupted the operations of some of our IT systems.

We initially identified the incident when we experienced unusual activity on our systems, and we immediately took steps to secure our systems, launched an investigation with the assistance of a third-party forensic investigator, and notified law enforcement. The investigation determined that an unauthorized party accessed some of our systems between February 17, 2023 and February 22, 2023, and may have accessed or removed some files. We then initiated a review and analysis of those files to determine what information they contained, which is still in progress.

On April 19, 2023, through our ongoing analysis of the files that may have been involved in the incident, we determined that the files contained information belonging to some GEDC patients. The information varied per patient, but could have included one or more of the following: patient names, dates of birth, contact information, mailing addresses, Social Security numbers, driver’s license numbers, financial account information, credit or debit card numbers, diagnosis and treatment information, medical and dental history, dental examination information, charting information, treatment plans, x-ray images, dates of service, provider names, GEDC office of treatment, billing records, costs of services, prescription information and/or health insurance information. Importantly, GEDC’s electronic medical records system was NOT involved in the incident.

For patients whose information may have been involved in the incident, we recommend that they review the statements they receive from their healthcare providers and contact the relevant provider immediately if they see services they did not receive. We also encourage patients to remain vigilant to the possibility of fraud by reviewing their financial statements for any unauthorized activity and immediately reporting any unauthorized activity to their financial institution.

We take this incident very seriously and sincerely regret any concern this may cause. To help prevent something like this from happening again, we have implemented additional safeguards and technical security measures to further protect and monitor our systems. A dedicated call center has been established to answer questions about this incident, which can be reached at (866) 347-3591, Monday through Friday, from 8:00 a.m. to 5:30 p.m. Central Time.