The Wisconsin-based dental network has agreed to resolve a class action lawsuit following a 2023 ransomware attack that exposed sensitive patient information.
First Choice Dental, which operates 12 clinics in Wisconsin, experienced a ransomware attack on October 22, 2023. Initially believed to impact around 1,000 individuals, the breach was later found to affect more than 159,000 patients. Information compromised included names, birthdates, Social Security numbers, health records, and financial data.
Following multiple lawsuits, a consolidated class action was filed in Wisconsin state court. The plaintiffs alleged that the breach resulted from First Choice Dental’s failure to implement adequate data protection measures.
Internal notices released after the attack show that First Choice Dental’s response involved both containment and a wide set of technical remediation steps. The organization deployed XDR and EDR across endpoints, implemented immutable off-site backups, patched its VMware environment, reset and reduced administrative accounts, enforced a stronger Active Directory password policy, and temporarily disabled remote access while new MFA and firewall systems were put in place. These actions were communicated to patients in an interim notice before the full scope of the incident was known.
As the investigation progressed, the breach was determined to be much larger than initially reported, and the litigation shifted toward mediation. Although the company maintained it was not at fault, both sides ultimately agreed to resolve the claims through a settlement valued at up to $1.225 million, subject to final court approval.
First Choice Dental has consistently denied liability, arguing that there was no negligence and that the company acted appropriately. The court dismissed two claims, unjust enrichment and invasion of privacy, but allowed the rest to proceed.
Ransomware continues to reshape the risk landscape for healthcare providers, and dental networks are no exception. According to Paubox’s State of Security report, ransomware attacks on healthcare organizations have surged by 264% since 2018, based on data from the Office for Civil Rights. The First Choice Dental incident reflects how these attacks have grown more aggressive and more disruptive, with threat actors quietly exfiltrating data before triggering encryption and leaving organizations to uncover the true scope only after lengthy forensic reviews.
Dental groups typically operate distributed clinic networks with shared administrative systems, making them attractive to attackers looking for broad access through a single compromise point. These environments often contain high-value identity, insurance, and treatment data.
Lawsuits often point to gaps in risk assessments, delayed patching, insufficient endpoint protection, or incomplete monitoring. Providers without clearly documented, annually tested security controls face greater legal exposure.
Multi-location practices should verify that backups are isolated and recoverable, remote access is secured with MFA, and legacy clinical systems are segmented. Incident-response playbooks should include ransomware-specific containment steps.
Centralized systems supporting multiple clinics require consistent configuration management and rapid threat visibility. Routine penetration testing and third-party security audits can help identify weaknesses that attackers often exploit.