A major data breach has hit Chord Specialty Dental Partners, a Tennessee-based dental service organization, compromising the personal information of more than 170,000 individuals.
The company, which operates under CDHA Management and Spark DSO, supports over 60 dental practices across six U.S. states. Earlier this month, Chord revealed a serious cybersecurity incident involving unauthorized access to several employee email accounts.
The breach was first detected in September 2024, after suspicious activity was found in one employee’s inbox. A deeper investigation uncovered that between August 18 and September 25, 2024, threat actors had gained access to multiple email accounts within the organization.
According to the official statement posted on Chord’s website, the compromised accounts contained sensitive data, including full names, home addresses, dates of birth, Social Security numbers, driver’s license details, bank account and credit card information, as well as medical and health insurance records.
Although Chord reported no confirmed misuse of the exposed information, the company acknowledged it couldn’t completely rule out the risk of unauthorized access. “At this time, Chord is not aware of any evidence to suggest that any information has been or will be fraudulently misused. However, we were unable to rule out the possibility that the information could have been accessed,” the notice stated.
The breach has been officially reported to the U.S. Department of Health and Human Services (HHS), with the total number of affected individuals listed at over 173,000. In response, Chord is offering free credit monitoring and identity protection services to those impacted.
This incident underscores a growing concern within the healthcare sector, where email-based data breaches continue to compromise patient privacy. Just recently, another major breach affected nearly 500,000 individuals at Numotion, a national provider of mobility equipment.
As healthcare organizations increasingly rely on digital communication and cloud-based tools, they remain attractive targets for cybercriminals. Experts urge providers to strengthen their email security protocols, implement multi-factor authentication, and provide ongoing employee training to reduce the risk of similar breaches.
