Important Notice Regarding GDPR Data Breach Incident

We would like to make all patients aware of a recent data security incident that may have affected your personal data. As an organisation, Diamond Court Dental Practice is committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR). This notice is issued in line with our obligations under GDPR Article 33, which mandates that we notify patients when their data may have been compromised in a data breach.

 

What Happened?

On Tuesday 9th September 2025, we became aware of a breach in our systems that resulted in unauthorised access to certain personal data. The breach occurred at approximately 1.48pm on 9th September when a phishing e-mail was sent to all the e-mail addresses that had previously received an e-mail from our Practice account. The e-mail contained a link to a website requesting payment for our services.

Upon discovering the unauthorised e-mail, we immediately suspended our e-mail account and took the necessary actions to mitigate the impact and ensure the safety of your data.

We acted swiftly by launching an internal investigation and engaging third-party cybersecurity experts to assist. We also notified the relevant supervisory authority, the Information Commissioner’s Office (ICO), as required under GDPR.

 

What Information Was Affected?

The breach involved subjects’ e-mail addresses.

No access was gained to any other personal data.  Health, financial and dental records remained secure and were not accessed by any third parties.

 

Measures We Have Taken to Ensure GDPR Compliance

In accordance with GDPR, we have taken the following steps:

  1. Promptly reported the breach to the ICO within 72 hours of discovery, as required by GDPR Article 33.
  2. Engaged cybersecurity experts to investigate the incident, identify the source, and address any vulnerabilities in our system.
  3. Implemented additional security measures to prevent further unauthorised access, including the changing of passwords.
  4. Informed all patients that, in compliance with GDPR Article 34, their data may have been impacted by this breach.  Attempts were made to warn all patients of the breach via a text message* which was then followed up by either an e-mail or a letter.
*Please note that due to restrictions in the number of allowable characters and the volume of text messages that had to be sent out, the end of the text message that you received may have been missed off.

 

What You Can Do

We would encourage all patients to delete the unauthorised e-mail without opening it up.  We would also advise patients to run their anti-virus software to check for viruses or malware on their personal computers and devices.

 

Next Steps

We are continuing to monitor the situation closely and will provide updates if further significant developments arise. If you have any concerns or would like more information regarding your rights under GDPR, please feel free to contact us by phone on (01629) 812991 or by writing to the address at the bottom of this page.  We are also happy to provide additional details on the measures we’ve taken to safeguard your data and our ongoing efforts to prevent future incidents.

We would like to take this opportunity to sincerely apologise for any inconvenience, distress or upset this incident may have caused and appreciate your understanding as we address this matter.

Yours sincerely,

Paul Flint
