Patient Data Exposed in Cyberattacks on Dental Practices
Data breaches have been announced by Bridle Trails Family Dentistry, Verber Dental Group, and Bronsky Orthodontics. Across the three incidents, the protected health information of more than 32,700 individuals was exposed and potentially stolen.
Bridle Trails Family Dentistry
Bridle Trails Family Dentistry, a dental practice in Kirkland, Washington, has notified 20,976 current and former patients about a cybersecurity incident that occurred in the Fall of 2024 that exposed some of their personal and protected health information. According to the April 10, 2026, breach notification letters, an investigation was launched into a potential breach of its email environment, which confirmed that an employee’s email account was accessed by an unauthorized individual between November 19, 2024, and November 25, 2024. The account was reviewed, and Bridle Trails Family Dentistry learned on March 12, 2026, that the account contained a limited amount of personal and health information.
Data potentially compromised in the incident included full names, birth dates, Social Security numbers, reason for visit, medical provider name, clinical/treatment information, driver’s license numbers, taxpayer ID numbers, medical record numbers, and health insurance information. The impacted information varied from individual to individual. At the time of issuing notifications, Bridle Trails Family Dentistry was unaware of any misuse of data as a direct result of the incident. Bridle Trails Family Dentistry said it has taken many precautions to safeguard the personal and protected health information in its possession and continually evaluates and modifies its practices and internal controls.
Verber Dental Group
Verber Dental Group PC, a Camp Hill, Pennsylvania-based network of 14 dental practices, has announced a breach of the protected health information of up to 8,598 individuals. Suspicious activity was identified within its network environment on January 27, 2026. Immediate action was taken to ensure its network environment was secure, and an investigation was launched to determine whether sensitive data had been exposed.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The forensic investigation determined that an unauthorized third party had access to files containing patient data, which may have been viewed or acquired between January 26, 2026, and January 27, 2026. The files on the compromised parts of its network were reviewed and found to contain names, Social Security numbers, dates of birth, driver’s license numbers, medical information, and health insurance information. Notification letters are being mailed to the affected individuals, and steps have been taken to reduce the risk of similar incidents in the future.
Bronsky Orthodontics
Bronsky Orthodontics, an orthodontic practice in New York City, has notified the HHS’ Office for Civil Rights about a breach of the protected health information of 3,183 individuals. Suspicious activity was identified within an employee’s email account on October 16, 2025. The account was immediately secured, and an investigation was launched to determine the nature and scope of the activity. Assisted by third-party cybersecurity specialists, Bronsky Orthodontics determined that a limited number of email accounts had been accessed by an unknown actor between August 18, 2025, and October 16, 2025.
The accounts were reviewed, and on March 11, 2026, Bronsky Orthodontics determined that they contained patient information such as names, dates of birth, contact information, dental and orthodontic treatment information, and insurance information. A limited number of individuals also had their financial account information, Social Security numbers, driver’s licenses, and/or other government-issued identification numbers exposed. Policies and procedures related to data privacy and security are being reviewed as a result of the incident.
