Three dental practices in the United States recently disclosed data breaches involving a significant amount of sensitive patient information.
32 Pearls Dental Clinic in Washington State, West Texas Oral and Facial Surgery in West Texas, and Mid America Health in Indiana all confirmed that their systems had been accessed without authorization, exposing some patient data.
32 Pearls Dental Clinic, operated in Seattle and Tacoma, Washington, and managed by Dr. Michael Bilikas and his team, recently reported a ransomware attack that occurred between May 19 and 22, 2025.
The attackers encrypted the practice’s system files and may have accessed or stolen sensitive data, including patient names, addresses, driver’s license numbers, Social Security numbers, and medical information.
The practice has completed a file review and sent notifications to 23,517 current and former patients, offering free credit monitoring and identity theft protection. The practice is strengthening its internal security procedures to prevent similar incidents from occurring again.
West Texas Oral and Facial Surgery Clinic in Lubbock, Texas, experienced a network outage on May 29, 2025. A third-party cybersecurity investigation confirmed unauthorized access to its network.
The incident affected 11,151 patients, compromising information including names, imaging files (some with birthdates), and the reason for their visit. Fortunately, their electronic medical records (EMRs) were not compromised, and neither Social Security numbers nor financial information was affected.
The ransomware group Inc Ransom claimed responsibility for the attack and listed the clinic in its data breach advisory on June 18, 2025. The clinic is currently working to strengthen its system security.
Mid America Health, headquartered in Greenwood, Indiana, provides dental and general medical services to government agencies and recently reported an incident involving unauthorized access to personal information to the Massachusetts Attorney General.
While the advisory did not disclose details of the incident, it confirmed that the compromised information included names, Social Security numbers, and financial account information. Affected individuals have been offered 24 months of free credit monitoring. The number of individuals affected has not yet been disclosed.
All three institutions have taken countermeasures, strengthened security measures, and warned patients to be vigilant about potential identity theft risks. This incident once again highlights the cybersecurity challenges facing the healthcare industry.