Data Breaches Announced by Three Oral Healthcare Practices
Data breaches have been announced by the Washington dental practice 32 Pearls, West Texas Oral Facial Surgery, and the Indiana dental and general healthcare services provider Mid America Health.
32 Pearls, Washington
Dr. Michael Bilikas and Associates, doing business as 32 Pearls, a dental practice with locations in Seattle and Tacoma in Washington state, has recently disclosed a security incident that was detected on May 22, 2025. Ransomware was used to encrypt files on its systems, and third-party cybersecurity experts were engaged to determine the scope of the incident. They concluded that the ransomware actor had access to certain systems between May 19, 2025, and May 22, 2025, and may have viewed or acquired files containing patient data.
The file review has recently been completed, and notifications are being sent to 23,517 current and former patients, who have been offered complimentary credit monitoring and identity theft protection services. Information exposed in the incident included full names, addresses, driver’s license numbers, Social Security numbers, and medical information. At the time of issuing notifications, the practice was unaware of any misuse of patient information as a result of the incident. Internal processes are being reviewed, and security measures have been enhanced to prevent similar incidents in the future.
West Texas Oral Facial Surgery
West Texas Oral Facial Surgery in Lubbock, Texas, has notified 11,151 patients about a security incident in which some of their protected health information may have been compromised. The practice experienced network disruption on May 29, 2025, and engaged third-party cybersecurity experts to investigate and determine the nature and scope of any unauthorized activity.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The investigation confirmed that there had been unauthorized access to its network, and patient data may have been compromised. The substitute breach notice does not state when the unauthorized access occurred. The file review was completed on July 18, 2025, and confirmed that the exposed data included first and last names, imaging files, which in some cases included birth dates, and the reason given for seeking treatment. The electronic medical record system was not accessed, and Social Security numbers and financial information were not involved. Cybersecurity experts are conducting a review of systems, security, and practices, and measures will be taken to improve security. The Inc Ransom ransomware group claimed responsibility for the attack and added West Texas Oral Facial Surgery to its data leak site on June 18, 2025.
Mid America Health, Indiana
Mid America Health, a Greenwood, IN-based provider of dental and general healthcare services to state and federal government agencies, has notified the Massachusetts Attorney General about a data incident that involved unauthorized access to personal information. The notification provides no information about the nature of the data incident, such as when it occurred, or what happened, only stating that the breached information included first and last names, Social Security numbers, and financial account information, and that the affected individuals have been offered complimentary credit monitoring services for 24 months.
Individual notification letters were mailed to the affected individuals on July 31, 2025. There is currently no listing on the HHS’ Office for Civil Rights breach portal, so it is unclear how many individuals have been affected.
