Cyber Incident Victim: Jackson & Joyce Family Dentistry
Date:
Dec 2022
Location:
United States of America
Summary
Jackson & Joyce Family Dentistry experienced a cybersecurity incident involving an unconfirmed ransomware attack claimed by the LockBit 3.0 group, which listed the Florida-based dental practice on its leak site alongside purported proof-of-hack screenshots. The entity has not publicly acknowledged or provided notification regarding the incident despite external inquiries, leaving the attack's validity and potential data impacts undetermined.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The Jackson & Joyce Family Dentistry incident emerged publicly on February 3, 2023, when the LockBit 3.0 ransomware group listed the Ocala, Florida-based dental practice on its dark web leak site. LockBit 3.0 provided several screenshots purporting to validate their unauthorized access to the practice’s systems, though the specific content of these screenshots was not detailed in available reports. At the time of public disclosure, Jackson & Joyce Family Dentistry had not issued any formal notifications, acknowledgments, or statements regarding the alleged breach through their website, social media channels, or direct patient communications. DataBreaches.net attempted to contact the dental practice via email to verify LockBit’s claims but received no response, leaving the incident unconfirmed by the entity itself. No further technical details about the intrusion method, timeline of unauthorized access, or specific systems compromised were disclosed in open sources.
The absence of official confirmation or transparency from Jackson & Joyce Family Dentistry created uncertainty regarding the scope and severity of the incident. LockBit’s typical ransomware operations involve data exfiltration followed by extortion demands, but no ransom amount, payment status, or data deletion claims were publicly linked to this specific case. The screenshots presented by LockBit 3.0 suggested some level of network access, though the nature of potentially exposed patient or operational data remained unspecified. Unlike contemporaneous healthcare sector breaches reported in the same article—such as those at Regal Medical Group and Cardiovascular Associates—Jackson & Joyce’s incident lacked corroborating evidence from regulatory filings, breach notifications, or updates to the U.S. Department of Health and Human Services’ public breach portal. The practice’s silence left patients and stakeholders without guidance on potential risks to personal or medical information. As of the latest available reporting, the incident remained unverified and absent from government breach databases.