360 Dental PC reports ransomware incident affecting over 11k

A Philadelphia dental practice disclosed a server intrusion that exposed patient and insurance information.

What happened

360 Dental PC, a dental practice based in Northeast Philadelphia, reported a ransomware-related data breach that affected approximately 11,273 individuals. According to a filing with the US Department of Health and Human Services, the practice discovered on November 16, 2025, that an unauthorized party had accessed its internal server and encrypted files, temporarily disrupting access. A subsequent review determined that both personally identifiable information and protected health information were present in the affected files, including patient names, Social Security numbers for a limited number of individuals, dates of birth, contact details, insurance information, and dental treatment records.

Going deeper

The incident involved a server-level compromise rather than an email or third-party exposure, thereby increasing the scope of potentially affected information. Clinical records stored on the system included appointment details, diagnostic information, imaging, and insurance identifiers, all of which trigger notification obligations even when misuse has not been confirmed. The breach was formally reported to federal regulators in January 2026, following completion of a file review. While the practice stated that access was restored after remediation efforts, the presence of encrypted files indicates a ransomware event rather than incidental exposure.

What was said

360 Dental PC said it notified patients after identifying a security incident involving its internal systems. In its breach notification letter dated December 27, 2025, the practice said, “We are sending this letter to you as part of 360 Dental’s commitment to patient privacy,” adding that it wanted patients to be “fully aware of a potential privacy issue.”

The practice said it discovered the incident on November 16, 2025, explaining that “an unauthorized party accessed the system and locked files, making them temporarily inaccessible.” According to the notice, affected information “may have been involved,” including patient identifiers, dental and clinical records, insurance details, and, for a limited number of individuals, Social Security numbers.

360 Dental said the incident was reported to authorities and noted, “We have no indication that your information has been misused.” The practice also outlined remediation steps, stating that it “strengthened our systems by replacing affected computers, rebuilding the server, updating all software, implementing additional firewalls, antivirus protection, multi-factor authentication, and VPN-only access.”

In the know

Dental practices continue to be affected by breaches that originate outside their own networks. In February 2025, Absolute Dental disclosed a data breach impacting more than 1.2 million people across over 50 locations in Nevada. According to the breach notice, attackers did not access Absolute Dental’s systems directly. Instead, they compromised the company’s managed services provider, deploying “a malicious version of a legitimate software tool through an account associated with its managed services provider.” The incident shows that data breaches in dentistry can have a wide impact, not just those involving large hospital systems.

The big picture

Research published in the International Journal of Healthcare Management describes a period when small healthcare providers “genuinely believed that their business was unlikely to be targeted by hackers because it was small,” a mindset the authors call the “Period of Innocence.” That assumption no longer holds. More than 60% of physicians now work in small practices, and attackers have adjusted their playbooks accordingly.

A dental office does not look like a hospital system from a security standpoint. Large health networks run dedicated security teams around the clock. Many dental practices rely on a small staff where one person manages appointments, billing, insurance, and IT issues when something breaks. At the same time, dental systems store Social Security numbers, insurance identifiers, and full treatment histories. For attackers, that combination of valuable data and limited defenses makes small practices an appealing target, even when they operate quietly and locally.

FAQs

What types of information were involved in this incident?

The affected data included patient identifiers, contact information, insurance details, and dental treatment records. A limited number of Social Security numbers were also involved.

Does encryption alone mean data was stolen?

Not necessarily. However, regulators require notification when unauthorized access occurs, and the extent of exposure cannot be ruled out.

What risks should affected patients be aware of?

Patients should watch for unfamiliar insurance claims, billing activity, or communications that reference dental services or coverage.

How are smaller healthcare practices commonly targeted?

Attackers often focus on on-premises servers, remote access systems, and outdated software where patching and monitoring may be inconsistent.