Cyber Incident Victim: Lumino

On March 14, 2021, Wellington Oral Surgery, a dental practice owned by New Zealand-based Lumino Dental, discovered unauthorized access to a staff member’s email account. The breach resulted in patient personal information being accessed by an unknown third party. Lumino, which operates 120 dental practices nationwide, confirmed the incident was isolated to the Wellington facility. The compromised email account contained sensitive patient data, though specific details about the types of information exposed were not publicly disclosed. The company initiated an internal investigation upon detection but did not reveal whether external cybersecurity experts were engaged. No evidence suggested broader network infiltration beyond the single email account.

Lumino notified affected patients of the breach on March 15, 2021, one day after discovery, though the exact number of impacted individuals remained unspecified. The notification advised patients of potential risks associated with the exposure of their personal information but did not outline specific remedial measures offered by the company. Lumino maintained public confidence that the incident was contained to Wellington Oral Surgery, though it provided no technical evidence to substantiate this claim. The breach attracted media attention through Radio New Zealand’s initial reporting and subsequent coverage by cybersecurity news outlets. No ransomware demands, extortion attempts, or further malicious activity linked to the breach were reported following containment. The incident highlighted vulnerabilities in email security within healthcare-affiliated organizations but yielded no disclosed regulatory penalties or legal actions against Lumino.