Cyber Incident Victim: Higginbotham Family Dental
Date: Sep 2020
Location: United States of America
Summary
Higginbotham Family Dental experienced a ransomware attack involving data exfiltration by the Conti threat actor group, resulting in the public dumping of over 700 files. The compromised data included image files containing patient initials and surnames in filenames, employee time-tracking QR codes, and financial records such as deposit reconciliations; the extent of protected health information acquisition remained unclear. The practice did not publicly acknowledge the incident via its website, regulatory filings, or patient notifications at the time of reporting, despite confirmation of the data leak by external researchers.
Description
The Higginbotham Family Dental ransomware incident occurred on or around September 15, 2020, when the Conti ransomware group added the dental practice to its dedicated leak site. Conti threat actors exfiltrated and publicly dumped over 700 files from Higginbotham’s systems, primarily consisting of image files containing patient names in filenames, QR codes linked to employee time-tracking data on buddypunch.com, and financial records such as deposit reconciliation documents. The practice, operating ten offices across Arkansas, Tennessee, and Missouri, was confirmed to be subject to HIPAA regulations due to its handling of protected health information (PHI). DataBreaches.net first contacted Higginbotham via their website contact form on September 17, 2020, but received no response. A follow-up email sent the same day explicitly referenced the exfiltrated ePHI observed in Conti’s data dump, including details about the filenames containing patient identifiers. Despite these outreach attempts, Higginbotham did not acknowledge the incident or provide clarification on the scope of compromised data.

As of November 8, 2020, Higginbotham had not published any breach notification on its website, issued press releases, or filed an entry on the U.S. Department of Health and Human Services (HHS) public breach portal. The absence of HHS reporting indicated the practice had not formally disclosed the incident to federal regulators within the 60-day window required by HIPAA for breaches involving PHI. DataBreaches.net could not verify whether patient notifications or submissions to state attorneys general had occurred privately. Conti’s leak site activity aimed to pressure victims into paying ransoms by threatening further data exposure, though Higginbotham’s specific negotiations or payment status remained undisclosed. The dumped files suggested potential access to employee records and financial operations, but the full extent of PHI exposure was unclear due to the practice’s non-disclosure. The incident exemplified Conti’s broader targeting of healthcare entities in 2020, leveraging public data dumps to escalate extortion demands while victims delayed public acknowledgments.
