Cyber Incident Victim: Coldwater Orthodontics
Date: Nov 2020
Location: United States of America
Summary
Coldwater Orthodontics in Michigan was listed on Egregor ransomware operators' leak site following a cyberattack, with attackers releasing some exfiltrated data primarily consisting of business forms and marketing materials. While the initial data dump did not appear to contain identifiable patient health information, it remained unclear whether protected health data was accessed or stolen during the breach. The incident reflects Egregor's broader pattern of targeting healthcare entities despite industry concerns about disrupting medical services.
Description
In mid-to-late 2020, Coldwater Orthodontics, a Michigan-based dental practice, was listed on the Egregor ransomware group’s dedicated leak site as a victim of their operations. The threat actors publicly disclosed a sample of data allegedly exfiltrated from the practice as proof of their compromise. Analysis of the dumped files by DataBreaches.net indicated the initial release primarily contained business-related documents, including operational forms and marketing materials, rather than identifiable patient health information or financial records. At the time of reporting, no evidence confirmed whether protected health information (PHI) had been accessed or exfiltrated by the attackers. The practice did not publicly acknowledge the incident or respond to inquiries from journalists seeking confirmation or additional details. Egregor’s leak site listing for Coldwater Orthodontics remained active as of the article’s publication date, September 24, 2020, distinguishing it from another dental entity, Dyras Dental, whose listing was removed under unclear circumstances.

The incident raised concerns about potential HIPAA reporting obligations, contingent on whether PHI was ultimately compromised during the attack. Unlike other Egregor victims in the healthcare sector, such as Dyras Dental and an unnamed Australian practice, Coldwater Orthodontics’ leaked data did not immediately demonstrate exposure of sensitive patient or employee records. No further details regarding the attack vector, duration of network access, or containment measures were disclosed by the practice or independent investigators. The lack of public statements from Coldwater Orthodontics left the scope of the breach, including potential operational disruptions or data recovery efforts, unverified. Egregor’s inclusion of multiple dental entities on their leak site underscored their consistent targeting of the healthcare sector despite industry appeals for ransomware groups to avoid critical medical infrastructure.
