Upper Dublin Family Dentistry Data Breach Affects 5,000 People

On May 13, 2025, Upper Dublin Family Dentistry discovered that an unauthorized party had gained access to its computer systems and deployed malicious software, encrypting sensitive data. This cyberattack was immediately identified as a ransomware event, although no ransom or payment was made to the responsible party. The incident affected approximately 5,000 individuals in the United States, according to a disclosure filed with the Dept. of Health & Human Services.

The investigation, conducted with the assistance of a leading cybersecurity and forensic firm, determined that the attackers may have accessed or viewed network locations containing both personally identifiable information (PII) and protected health information (PHI). The exposed data includes names, Social Security numbers, dates of birth, home addresses, phone numbers, claim information, and dental medical records, which may contain treatment dates and summaries.

Upper Dublin Family Dentistry reported the breach to the Massachusetts Attorney General’s office on July 22, 2025, as documented in the official breach notification. The Vermont Attorney General’s office also received notification on July 22, 2025, with details available in the Vermont data breach notice.

Upper Dublin Family Dentistry's response

Following the discovery of the breach, Upper Dublin Family Dentistry took immediate steps to contain the threat and restore system functionality. They engaged a top cybersecurity and forensic firm to investigate the incident, assess the extent of the breach, and strengthen their network security. The company has since enhanced its web server infrastructure and implemented additional safeguards to prevent future incidents.

For those affected, Upper Dublin Family Dentistry is offering complimentary Single Bureau Credit Monitoring, Credit Report, and Credit Score services for 12 months through Cyberscout, a TransUnion company specializing in fraud assistance and remediation. These services provide alerts when changes occur to a credit file, offering an extra layer of protection. Individuals are encouraged to enroll within 90 days of receiving notification to take advantage of these resources.

In addition to credit monitoring, the company recommends that affected individuals:

• Review account statements and credit reports for suspicious activity
• Place a fraud alert or security freeze on credit files if warranted
• Report any suspected identity theft or fraud to law enforcement, their state attorney general, or the Federal Trade Commission

Further guidance and contact information for credit agencies are provided in the official consumer notice, which is available at the bottom of this page in PDF format.

More information about the practice can be found on the Upper Dublin Family Dentistry website.