Chord Specialty Dental Partners, operated by CDHA Management, LLC and Spark DSO, LLC, has informed the U.S. Department of Health and Human Services’ Office for Civil Rights about a significant data breach involving the unauthorized access to sensitive patient information.
The Email Data Breach, which affected up to 173,430 individuals, occurred through employee email accounts and was first identified on or around September 11, 2024.
The Tennessee-based dental service organization provides operational and business support to more than 60 dental practices across several states, including Indiana, Delaware, New Jersey, Pennsylvania, Tennessee, and Virginia.
The breach occurred between August 19, 2024, and September 25, 2024, during which an unauthorized third party accessed several employee email accounts.
Upon detection of suspicious activity, Chord Specialty Dental Partners enlisted third-party digital forensics specialists to investigate the matter. A thorough investigation confirmed the compromise of various types of sensitive data, including names, addresses, Social Security numbers, driver’s license numbers, bank account information, payment card details, birth dates, medical information, and health insurance data.
The specific data exposed varied from individual to individual, but at this point, no evidence has been found suggesting that the data has been or will be misused.
To ensure transparency, Chord Specialty Dental Partners began mailing notification letters to affected individuals around March 14, 2025. As a precautionary measure, affected individuals have been offered complimentary credit monitoring and identity theft protection services.
In response to this breach, the company has reviewed and strengthened its data security practices to prevent similar incidents in the future, including implementing additional safeguards and improving internal policies and procedures related to data protection.