Upper Dublin Family Dentistry Data Breach Exposes Social Security Numbers

Published

July 24, 2025

Updated

August 2, 2025

Upper Dublin Family Dentistry

Types of INFORMATION affected

Names
Social Security Numbers
Dates of Birth
Addresses
Government IDs
Medical Info
Financial Info

On May 13, 2025, Upper Dublin Family Dentistry discovered that an unauthorized party had gained access to its computer systems and deployed malicious software, encrypting sensitive data. This cyberattack was identified as a ransomware event, although no ransom or payment was made to the responsible party.

The incident affected approximately the protected health information of an estimated 5,000 individuals in the United States, according to a disclosure filed with the Dept. of Health & Human Services.

The investigation, conducted with the assistance of a leading cybersecurity and forensic firm, determined that the attackers may have accessed or viewed network locations containing both personally identifiable information (PII) and protected health information (PHI). The exposed data includes names, Social Security numbers, dates of birth, home addresses, phone numbers, claim information, and dental medical records, which may contain treatment dates and summaries.

Upper Dublin Family Dentistry reported the breach to state attorney generals' office beginning on July 22, 2025, including to Massachusetts, New Hampshire, and Vermont.

Upper Dublin Family Dentistry's response

Upper Dublin Family Dentistry is offering complimentary Single Bureau Credit Monitoring, Credit Report, and Credit Score services for 12 months through Cyberscout, a TransUnion company specializing in fraud assistance and remediation. These services provide alerts when changes occur to a credit file, offering an extra layer of protection. Individuals are encouraged to enroll within 90 days of receiving notification to take advantage of these resources.

In addition to credit monitoring, the company recommends that affected individuals:

Review account statements and credit reports for suspicious activity
Place a fraud alert or security freeze on credit files if warranted
Report any suspected identity theft or fraud to law enforcement, their state attorney general, or the Federal Trade Commission

Protect Your Data

A breach notice means your personal details could be circulating far beyond the organization involved. One practical step is continuous monitoring: services such as Identity Defender (included with an ExpressVPN subscription) can automatically check dark-web markets, flag new credit-file activity, and request removal of your information from data-broker sites.

This kind of “early-warning system” can’t undo a breach, but it can help you spot misuse quickly and limit further exposure. ExpressVPN is offering 61% off, risk-free for 30 days, with ID Theft Insurance included and no extra cost for those who sign up for one or two years.