First Choice Dental to pay up to $1.2M in ransomware settlement

The Wisconsin-based dental network has agreed to resolve a class action lawsuit following a 2023 ransomware attack that exposed sensitive patient information.

What happened

First Choice Dental, which operates 12 clinics in Wisconsin, experienced a ransomware attack on October 22, 2023. Initially believed to impact around 1,000 individuals, the breach was later found to affect more than 159,000 patients. Information compromised included names, birthdates, Social Security numbers, health records, and financial data.

Following multiple lawsuits, a consolidated class action was filed in Wisconsin state court. The plaintiffs alleged that the breach resulted from First Choice Dental’s failure to implement adequate data protection measures.

Going deeper

Internal notices released after the attack show that First Choice Dental’s response involved both containment and a wide set of technical remediation steps. The organization deployed XDR and EDR across endpoints, implemented immutable off-site backups, patched its VMware environment, reset and reduced administrative accounts, enforced a stronger Active Directory password policy, and temporarily disabled remote access while new MFA and firewall systems were put in place. These actions were communicated to patients in an interim notice before the full scope of the incident was known.

As the investigation progressed, the breach was determined to be much larger than initially reported, and the litigation shifted toward mediation. Although the company maintained it was not at fault, both sides ultimately agreed to resolve the claims through a settlement valued at up to $1.225 million, subject to final court approval.

What was said

First Choice Dental has consistently denied liability, arguing that there was no negligence and that the company acted appropriately. The court dismissed two claims, unjust enrichment and invasion of privacy, but allowed the rest to proceed.

The big picture

Ransomware continues to reshape the risk landscape for healthcare providers, and dental networks are no exception. According to Paubox’s State of Security report, ransomware attacks on healthcare organizations have surged by 264% since 2018, based on data from the Office for Civil Rights. The First Choice Dental incident reflects how these attacks have grown more aggressive and more disruptive, with threat actors quietly exfiltrating data before triggering encryption and leaving organizations to uncover the true scope only after lengthy forensic reviews.

FAQs

Why are dental and specialty clinics seeing more ransomware activity?

Dental groups typically operate distributed clinic networks with shared administrative systems, making them attractive to attackers looking for broad access through a single compromise point. These environments often contain high-value identity, insurance, and treatment data.

What internal factors commonly drive litigation after ransomware incidents?

Lawsuits often point to gaps in risk assessments, delayed patching, insufficient endpoint protection, or incomplete monitoring. Providers without clearly documented, annually tested security controls face greater legal exposure.

What security practices should dental networks reassess after this case?

Multi-location practices should verify that backups are isolated and recoverable, remote access is secured with MFA, and legacy clinical systems are segmented. Incident-response playbooks should include ransomware-specific containment steps.

What operational lessons can similar providers take from the First Choice Dental breach?

Centralized systems supporting multiple clinics require consistent configuration management and rapid threat visibility. Routine penetration testing and third-party security audits can help identify weaknesses that attackers often exploit.