Maryland's Dental HMO Security Breach Was One Of Nearly 40 In The State Since January

A few days ago we linked to a Baltimore Sun article that investigated the recent accidental release of private patient data online by The Dental Network. Now the reporter who broke the story, Liz F. Kay, has contacted us with news that “this was the largest of nearly 40 breaches affecting Maryland residents” since a disclosure law went into effect in January:

Thirty-nine businesses or groups have reported losses of sensitive information involving about 87,500 Maryland residents in the three months since a state law took effect requiring that people be informed of such incidents, records show.

The breaches have included everything from SSNs showing through envelope windows to deliberate attacks on databases by hackers. Luckily for Maryland residents, a state law ensures that you can place credit freezes with each of the three major reporting companies for $5 each.

Not a Marylander? Check this interactive map for a quick overview of what your state enforces by way of disclosure laws in the event your data is compromised.

“No sure bets in personal data security” [Baltimore Sun]

“CareFirst Dental HMO Exposes SSNs, Says You Should “Take It Seriously””
CSO Maps State By State Data Breach Disclosure Laws


Edit Your Comment

  1. Subliminal0182 says: sister just had dental work done. If she’s under 18, there’s no way to access her credit report/put a freeze on right (just in case)?

  2. macfoo says:

    Being a MD resident, I would love to know the 30+ other breaches that have occurred that are NOT mentioned in the article.

  3. The map is wrong – you’ve included two counties in VA as part of MD. The Eastern Shore (the part next to DE) doesn’t extend all the way down the Delmarva Peninsula, it stops at a point roughly where the peninsula gets thin.

    Don’t feel bad – I’ve even had to e-mail the Smithsonian Institution they had a map wrong at the Air & Space museum. Amazingly enough, they actually fixed the wrong map.

    Not that there’s anything wrong with Accomack or Northampton counties, they’re just not in MD.

  4. Chris Walters says:

    @BaysideWrestling: Thanks. Btw, I grabbed that image from the Wikipedia entry for Maryland–so that’s Wikipedia’s “official” svg image for the state. It might be worth it to go over there and post a correction, if you’re feeling Wikipedia-y.

  5. Chris Walters says:

    @macfoo: I don’t know the details, but here’s the address to the Maryland attorney general’s ID theft website. There’s some contact info there, so you may be able to request a list of breaches.

    Then again, it may be the type of info that’s distributed on a “need to know” basis for security reasons (except when it leaks to the media as with The Dental Network).

  6. Chris Walters says:

    Oops. HERE is the address, macfoo: []

  7. aikoto says:

    FYI, I live in Maryland and I have freezes on all three credit reporting agencies. Better yet, Maryland requires that all three have a simple web interface for unfreezing by Jan 2009 that takes effect in under 15 minutes. That means that by Jan 2009, simple and quick unfreezing will be available in all 50 states.

  8. mduser says:

    As a Maryland reader, perhaps it’s a good idea for me to freeze my credit reports as well, though I hope it will not be a bitch to unfreeze them before 2009 when I look for my next apartment.


  9. RobinB says:

    Another Marylander here. Got my “annual credit report” last month and everything was fine–guess with all these leaks I checked it too soon.

  10. @Chris Walters: I don’t know how to edit an svg file. And eventually, someone who does will figure it out and fix it.

  11. HughWilliams says:

    Data Security Breach notices are a matter of public record, so anyone can see them. If you need more info, the ID theft website for my office is A side note, only people who received a letter from The Dental Network or any of the other breached companies are deemed to be at risk at this time. If you didn not get a letter, your info is safe.

  12. Ben Popken says:

    The state’s recently launched online list of breaches since January here.