Cyber Incident

Thank you for visiting ADSC’s webpage regarding the recently announced data breach. This webpage provides information for individuals and dental providers who ADSC serves through various Government of Alberta dental programs. If you are a Quikcard client, please visit www.quikcard.com/cyberincident.

ADSC takes the security of personal information in our care very seriously. Accordingly, we are providing this webpage to advise you of the recent cybersecurity incident, the steps we are taking to bolster the protection of the personal information in our custody and provide you with information on additional steps you can consider taking to protect yourself.

BACKGROUND

Alberta Dental Service Corporation (“ADSC”) works in partnership with the Government of Alberta to administer dental benefits through the Dental Assistance for Seniors Program (DASP) and through Alberta’s Low-Income Health Benefits Program which includes Assured Income for the Severely Handicapped (AISH), Alberta Adult Health Benefit, Alberta Child Health Benefit and Income Supports. Through our relationship with the Government of Alberta, we have obtained and utilize some of your personal information to allow us to provide you with dental benefits. The Government of Alberta is the custodian of the personal health information in ADSC’s possession which was impacted by this incident.

WHAT HAPPENED

On July 9, 2023, we discovered that an unauthorized third party gained access to a portion of our IT infrastructure and deployed malware which encrypted certain of our systems and data, rendering them temporarily inaccessible. We immediately deployed countermeasures to secure our network and data from further unauthorized access and engaged third-party cybersecurity experts to assist with containment, remediation and to conduct a forensic investigation into the nature and extent of this incident. Fortunately, we were able to recover the affected systems and data from backups with only minimal data loss.

Our investigation into this incident is ongoing. However, we have determined that the period of compromise was May 7 – July 9, 2023, and the unauthorized third party accessed and copied certain data from our network before deploying the malware. We have recently completed a detailed review of the affected data in order to identify those impacted.

WHO WAS IMPACTED AND WHAT INFORMATION WAS IMPACTED

 

Dental Assistance for Seniors Plan clients 

 

If you were enrolled in the Alberta Government’s Dental Assistance for Seniors Plan at any time between July 1, 2015, and July 9, 2023, then the following information may have been compromised: name, address, personal health number, date of birth and details relating to your dental benefits claims. 

 

Additionally, if you provided your banking information to Alberta Dental Service Corporation to facilitate direct electronic claims payments, then your personal bank account number may have been compromised. 

Low-Income Health Benefits Plan clients 

If you were enrolled in any of the Alberta Government’s Low-Income Health Benefits Plans which includes Assured Income for the Severely Handicapped (AISH), Alberta Adult Health Benefit, Alberta Child Health Benefit and Income Supports at any time between January 1, 2006, and July 9, 2023, then the following information may have been compromised: name, date of birth, details relating to your dental benefits claims and government issued identification number. 

Dental Services Providers 

If you have enrolled with Alberta Dental Service to receive direct payment for eligible health claims of your patients at any time between January 1, 2010, and July 9, 2023, then the following information may have been compromised: corporate name, corporate bank account, corporate mailing and email address and your license number. 

RISK OF HARM

Affected individuals and organizations are at risk of harms including phishing, embarrassment, hurt or humiliation as a result of this incident. Individuals and organizations whose banking information was impacted by this incident are also at risk of potential fraud or identity theft. ADSC’s assessment of these potential harms included a consideration of all surrounding circumstances, including the malicious actions of an unidentified third party, and the types of information found to have been impacted.

WHAT WE HAVE DONE

We have security measures in place that allow us to take prompt action against attempted intrusions into our network. Those measures were implemented here, however, incidents of this nature are unfortunately not always preventable. We are working with leading third-party cybersecurity experts to complete a comprehensive investigation and have implemented enhanced security safeguards to better prevent against an incident of this nature from occurring in future.

We have also taken steps to ensure that any personal information which was accessed or copied from our systems has been deleted and protected against fraudulent misuse.

Finally, we have reported this incident to law enforcement.

WHAT WE ARE DOING NOW

We have sent direct mail notifications for those DASP clients who may have had their personal banking information impacted. If you believe you may have had your personal banking information on file with ADSC and you have not received a letter by August 25, 2023, please contact the dedicated call centre to inquire.

We will prepare direct mail notifications to other impacted individuals shortly thereafter. We will update this webpage with more specific timing in the near future.

To reach our dedicated call centre to answer your questions regarding this incident, please call 1.833.545.2197.  Hours of operation are Monday through Friday from 8:00am to 8:00pm EST with weekend coverage of 9:00am to 5:00pm EST.

WHAT YOU CAN DO NOW

Remain vigilant – We encourage you to remain vigilant regarding threats of identity theft or fraud by engaging in the following best practices:

  • If you receive emails, telephone calls or text messages asking for your financial or any other personal information you were not expecting, particularly if they purport to be from ADSC, please consider such communications to be fraudulent and contact us immediately to verify their authenticity.
  • Monitor your bank accounts and credit history to guard against any unauthorized transactions or activity. If you have any doubts or notice any suspicious or potentially fraudulent activity on your credit or debit card, we recommend you contact your financial institution and report the incident to local law enforcement immediately.
  • Change online passwords for your financial and other sensitive accounts regularly and make sure they are secure.
  • Never respond to unsolicited requests for your financial information and be careful when sharing your personal information unsolicited, whether by phone, email or on a website.
  • Avoid clicking on links or downloading attachments in suspicious emails.

The following website offers additional tips and resources to help you protect your identity: https://www.priv.gc.ca/en/privacy-topics/identities/identity-theft/guide_idt/.

The following website offers information on how to access your credit score: https://www.canada.ca/en/financial-consumer-agency/services/credit-reports-score/order-credit-report.html

Finally, you are entitled to ask the Information and Privacy Commissioner of Alberta to investigate this incident  should you wish to do so. You can contact the IPC at:

Office of the Information and Privacy Commissioner (Calgary)
Suite 2460, 801 6 Avenue SW
Calgary, AB     T2P 3W2

Office of the Information and Privacy Commissioner (Edmonton)
#410, 9925 – 109 Street NW
Edmonton, AB     T5K 2J8

FOR MORE INFORMATION

We apologize for any inconvenience or concern this incident may cause you.

Thank you for your patience and understanding.

For more information, read the ADSC Cybersecurity Incident FAQs

To check if you were affected, please click here