Stolen: Data on Thousands of Williamsport Area Dental Patients

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

WILLIAMSPORT - What may be one of the largest breaches of personal information in our region`s history is coming to light now, little more than a year after workers at a dental practice in Lycoming County learned of the problem.

Stolen data includes the social security numbers of at least five thousand people from the Williamsport area, sensitive information that could be obtained by identity thieves.

The patients had no idea that personal information, including social security numbers were stolen from a dental practice in Williamsport, and was easy for anyone to get.

We showed the social security numbers that correspond to: retiree in Montoursville, a husband in Williamsport, and a woman living at a Lycoming County Assisted Living Center.

All confirmed the social security numbers were theirs.

The stolen data even appears to have included the social security number of Gabe Campana, the Mayor of Williamsport.

"I was stunned," said Campana after Action 16 Investigative Reporter Dave Bohman read him Campana's social security number.  The Mayor believes it is from the practice of a dentist who removed Campana's wisdom tooth about 20 years ago.

"Somebody who actually hacked the computer or somehow got access to those numbers, they need to be held accountable," said Campana.

"My personal opinion is an it guy had to have done this, or someone with knowledge of computers," added Justin Shafer of Dallas, Texas who informed Newswatch 16 about the breach of information.

Shafer says he's a computer tech worker who came across the breach while researching a medical office management computer program called "Dentrix" last year.

Dentrix is the most used software of its kind in the US, and Shafer says he found a copy of a Dentrix program on an internet file sharing site.

Shafer says he was curious, so he downloaded the program registered to the Lanap and Implant Dental Center in Williamsport.

And to his surprise, Shafer says it had the names, addresses and in most cases, the social security numbers of 11,000 people in the Williamsport area.

"You can just download and install it, and just use this database and surf it like you would the internet," added Shafer.

Scott McIntosh, a lawyer for the dental practice, and its owner Dr. David DiGiallorenzo called this, "An unauthorized hacking incident," adding, "Much as the sanctity of the home is violated in a burglary, this illegal intrusion has caused real and lasting damage, and Dr. DiGiallorenzo and his patients are the victims. "

When the practice learned of the breach last fall, it sent 5,000 letters to patients.

It warned them of "a data security incident."
It promised the practice "would take additional security measures."

But those people we interviewed say they never got a letter or any warning.

McIntosh says he asked the state police and the f-b-i to investigate.

But law enforcement agencies will not even confirm if a criminal investigation is underway, and the question of who stole the information from the dental offices and why, remains unanswered.

Meantime thousands of social security numbers of people in the Williamsport area remain potentially a couple of mouse clicks away from identity thieves.

"What do you do about it?," asked Joanne Weidman of Williamsport, whose social security number appears to be among those that were stolen.

"I definitely need to get on-line and check with one of these identity theft protection sites," added Adam Weaver of Williamsport.  Weaver's social security number also is on the list.

A spokeswoman for the company that makes the Dentrix software via email called the breach, "Isolated, and the only one of which we are aware," She added, "Patients visiting dentists with Dentrix software should feel confident of its security."

There is no evidence that any of the personal information taken from the Williamsport dental office has been used by identity thieves.

Patients of the Lanap and Implant Dental practice in Williamsport are urged to get their credit checked regularly.  People can get a free yearly credit check at this site, and should report any suspicious activity on their credit cards to the Pennsylvania Attorney General's Office, or local law enforcement agencies.


  • darrelldk

    So what was the outcome of the breach? Anyone know? Are the social security numbers of thousands of dental patients still available online? Anyone?

  • Josh

    This was not a HACK, The practice lost a flash drive with the data, I found a USB flash drive in the middle of the road and it had this Dentrix software on it. From the torrent:

    I found a USB flash drive in the middle of the road and it had this Dentrix software on it. I don’t know if it needs activated or who would even be looking for this type of software, but someone put on a flash drive for a reason, so here ya go. I started the installation up to the point where it asked me if I wanted to install the Server or Workstation software.

    • Josh

      Whoops, i didn’t mean to suggest I found the flash drive. This is from the comment section of the file sharing site from the person who first uploaded the data.

      • Justin Shafer

        I think it was a hacking attempt. I say that because of what the torrent said about Dentrix. He claims to have no idea who would need Dentrix. Yeah, right.. The part about leaving a flash drive in the road, could be true. But since the other statements seem to be purposely ignorant, then I have to go with this being a Hack. I think the software packaged in the torrent was the “payload” with the database being what the hacker wanted to share with the world. Most offices use Digital X-rays and the xrays will not fit on a flash drive to be used as a backup. You would need an external hard drive with a larger capacity….

  • Gus

    Hipaa has stringent procedures which outline must be done in the event of a data breach. The fine for not following that procedure is huge for a provider.

Comments are closed.

Notice: you are using an outdated browser. Microsoft does not recommend using IE as your default browser. Some features on this website, like video and images, might not work properly. For the best experience, please upgrade your browser.