An alleged ransomware attack against 1-800-Dentist, one of the largest dental support organizations in the United States, may have exposed the personal and health information of roughly 2.3 million patients. The Qilin ransomware group has claimed responsibility for the breach.
The incident affected a network that supports more than 800 dental practices across the country. According to breach notifications, attackers gained unauthorized access to the organization’s systems and exfiltrated sensitive data before deploying ransomware.
The compromised information varies by individual but may include names, addresses, dates of birth, phone numbers, email addresses, Social Security numbers, driver’s license numbers, health insurance details, treatment information, patient account records, and other medical data. Financial information may also have been exposed for some individuals.
The Qilin ransomware gang has since listed the organization on its leak site, claiming to have stolen a large volume of internal files. Like many modern ransomware operations, Qilin uses a double-extortion strategy: it steals data before encrypting systems, then threatens to publish the information if a ransom is not paid.
The organization said it launched an investigation with the help of external cybersecurity experts after detecting suspicious activity on its network. Impacted systems were secured, law enforcement was notified, and affected individuals began receiving breach notifications.
Healthcare organizations remain attractive targets for ransomware groups because they store large amounts of valuable personal and medical information. Stolen healthcare records can command higher prices than financial data on cybercrime marketplaces because they contain long-lasting identity information that is difficult to change.
Qilin has emerged as one of the most active ransomware operations over the past two years, targeting organizations across healthcare, manufacturing, government, and critical infrastructure. The group operates a ransomware-as-a-service model, allowing affiliates to conduct attacks while sharing ransom payments with the operators.
Patients affected by the breach are being encouraged to monitor their financial accounts, review explanations of benefits from their health insurers, and remain alert for phishing emails or fraudulent communications that reference healthcare services or insurance claims.
