Cyber Incident Victim: Sarrell Dental

Date: Jan 2019

Location: United States of America

Summary

Sarrell Dental, a non-profit dental provider in Alabama, experienced a ransomware attack potentially compromising data for nearly 400,000 patients. The organization detected the intrusion mid-year, prompting immediate server shutdowns and a two-week operational closure to rebuild systems and strengthen security measures. While forensic analysis found no evidence of data exfiltration, notification was issued due to the inability to definitively rule out unauthorized access to sensitive information stored on affected systems, including patient names, addresses, Social Security Numbers, health insurance details, and treatment records encompassing service dates, procedure codes, diagnoses, and treating dentists.

Description

Sarrell Dental and Eye Centers, a non-profit organization operating as Alabama's largest dental provider with 17 clinics, experienced a ransomware attack that began around January 2019. The intrusion was detected in July 2019 when ransomware activated on their computer systems, prompting immediate containment measures. Sarrell Dental took all affected servers offline and temporarily closed its offices for two weeks to rebuild business systems from scratch while implementing enhanced security protocols. The organization reported the incident to the U.S. Department of Health and Human Services on September 12, 2019, disclosing an impact on 391,472 patients, though this notification initially received limited media attention. Forensic investigators determined the ransomware infection resulted from a network intrusion that potentially persisted undetected for approximately six months prior to discovery.

Despite extensive analysis, investigators could not confirm whether attackers accessed, copied, or removed sensitive patient data during the intrusion period. As a precaution, Sarrell Dental issued notifications to affected individuals through IDExperts, a third-party incident response firm that established a dedicated communications website. The compromised systems contained patients' full names, physical addresses, dates of birth, Social Security Numbers, health insurance details, and comprehensive treatment records. Treatment information included dates of service, dental procedure codes, medical diagnosis codes, and the names of treating dentists. The organization maintained its systems offline throughout the two-week recovery period to ensure complete eradication of malicious activity before restoring operations with strengthened cybersecurity defenses. No evidence emerged suggesting actual misuse of patient data, but notification proceeded due to the inherent inability to definitively rule out potential access during the extended breach window.
