The Toledo-based Dental Center of Northwest Ohio has disclosed that a ransomware attack affecting its local third-party IT vendor may be endangered personal data belonging to current and former patients and employees.

The IT vendor, Arakyta, informed the health care provider of the possible breach situation around Sept. 1, 2018, the health care provider said in a Dec. 28 press release.

“Based on the information provided by Arakyta, on Nov. 7, 2018, the Dental Center confirmed that systems containing Dental Center information were potentially accessible to an unknown actor,” the release states. Although there has been no evidence of unauthorized access or misuse of personal information, the Dental Center nevertheless concluded that it was necessary to notify potentially affected individuals.

In response to the incident, the Dental Center said it has launched an investigation and is offering free credit monitoring and identity theft protection services, as well as “taking steps to implement additional safeguards and review policies and procedures relating to data privacy and security.”