In 2025, dental practices across the U.S. faced major cyberattacks, exposing patient data. Breaches reveal technical vulnerabilities, delayed responses, and rising risks, highlighting the importance of cybersecurity in ensuring patient care and trust.
By Theresa Ahearn
Cyberattacks are on the rise, and dentistry is no exception. In 2025 alone, breaches at dental practices exposed the personal data of hundreds of thousands of patients. The stolen information included names, birth dates, insurance details, Social Security numbers, and even dental records details that can be used for identity theft and fraud. Both large providers with multiple locations and small community clinics were targets. For patients, the impact is not only financial but also deeply personal. For dental practices, the consequences extend beyond regulatory fines to reputational harm.
Dental Providers Confront Escalating Cyber Risks
Absolute Dental, a large provider in Nevada, reported in early 2025 that hackers had accessed records for approximately 1.22 million patients. The data included dates of birth, insurance details, and, in some cases, financial identifiers. Regulatory notifications were triggered across multiple states, and subsequent filings revealed challenges in meeting statutory deadlines. In February 2025, True Dental Care for Kids and Adults in Pennsylvania disclosed a ransomware attack affecting 17,640 patients. Hackers retrieved patient data, encrypted files, and issued a ransom demand. The practice did not pay, but restored systems from backups. Compromised data included names, dates of birth, addresses, phone numbers, and medical and dental records. Although no misuse has been reported, the practice notified patients and introduced stronger safeguards to prevent future breaches.
When Breaches Become Settlements
Smaller providers have also been targeted, with some cases escalating into costly legal consequences. In Indiana, Westend Dental paid a $350,000 settlement after regulators found the practice had delayed notifying patients of a ransomware attack. Investigators determined the scope was initially downplayed, a misstep that worsened both legal and financial fallout. The case is now cited as proof that timely disclosure and transparent communication are essential for compliance and patient trust.
Just months later, Welcome Dentistry, a multi-location practice in California, reported a hacking incident to the U.S. Department of Health and Human Services. The breach exposed personal and health data of more than 1,000 patients, including Social Security and driver’s license numbers, insurance information, dental records, and payment data. The practice later committed to notifying affected patients and advising them to monitor their financial accounts and credit reports to guard against identity theft or fraudulent medical activity.
Breaches at Larger Dental Groups
The risks grow even more complex when large networks are breached. In March 2025, Chord Specialty Dental Partners, a support group serving practices in several states, reported an email breach that exposed about 173,000 records. Notifications stretched over weeks, underscoring the difficulty of managing incidents across multiple jurisdictions. Experts have noted that such groups are especially appealing targets because they consolidate data from multiple practices into a single system. In May 2025, 32 Pearls, a single-location office in Washington state, reported a ransomware attack that compromised more than 23,000 patient records. The data included insurance information and personal identifiers, showing that even small practices remain vulnerable when defenses are weak. The case reinforced a sobering reality: practice size offers no protection against determined attackers.
Cybersecurity Is Essential to Dental Care
Dental providers are firmly on the radar of cybercriminals, and protecting patients now means protecting their data and the reputation of the practice. Ransomware and email phishing schemes remain the most common attack methods. Delays in reporting and poorly managed responses make the fallout worse, resulting in fines and increased anxiety for patients. While the financial costs are significant, the long-term loss of trust can be even more damaging. For dentistry, the takeaway is clear: cybersecurity is no longer just a potential risk, it is a responsible part of patient care. Practices must be prepared to strengthen their defenses, develop response plans, and communicate openly with patients in the event of an incident.
References
32 Pearls. (2025, May). 32 Pearls notifies patients of ransomware attack affecting 23,500 individuals. https://beyondmachines.net/event_details/32-pearls-dental-practice-hit-…
Alder, S. (2025, April 15). Ransomware attack announced by True Dental Care for kids and adults. HIPAA Journal. https://www.hipaajournal.com/ransomware-attack-true-dental-care-for-kid…
Absolute Dental. (2025, Early). Data breach notification: Unauthorized access affecting 1.22 million patients. Washington State Office of the Attorney General. https://www.absolutedental.com/notice-of-a-data-incident/
Claim Depot. (2025, August 27). Welcome to Dentistry: Data Breach Affects 1,001 Patients. Claim Depot. https://www.claimdepot.com/data-breach/welcome-dentistry-2025?utm_sourc…
Chord Specialty Dental Partners. (2025, March–April). Email compromise incident affecting 173,000 patients. HIPAA Journal. https://www.hipaajournal.com/chord-specialty-dental-partners-data-breac…
Decisions in Dentistry. (2025). Westend Dental agrees to $350,000 settlement over ransomware breach and delayed notification. https://decisionsindentistry.com/2025/01/dental-practice-faces-350000-f…
Author: Theresa Ahearn is a freelance writer who lives in Oak Ridge, Tennessee. She received her Bachelor of Arts from the New York Institute of Technology and her Master of Science from Central Connecticut State University. When not writing, she can be found fishing or traveling.
