Cyber Incident Victim: btyDental
Date:
Nov 2019
Location:
United States of America
Summary
A ransomware attack targeted a dental practice in Anchorage, Alaska, compromising some servers and potentially exposing patients' names and x-ray images, though investigators could not confirm unauthorized access to this data. Critical information including financial records, medical histories, Social Security numbers, and dates of birth remained protected through encryption compliant with HIPAA requirements. The organization proactively notified approximately 2008 affected patients and reported the incident to health authorities within regulatory timeframes as a precautionary measure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On November 17, 2019, btyDental, an Anchorage-based dental practice, discovered a ransomware attack affecting portions of its server infrastructure. The malicious activity disrupted operations and created uncertainty regarding potential unauthorized access to patient data. Forensic analysis confirmed the ransomware compromised specific servers, raising concerns that attackers might have viewed or extracted patients' names and associated dental X-ray images. However, investigators could not definitively establish whether this data was actually accessed or exfiltrated during the incident. The practice emphasized that critical systems containing more sensitive patient information remained protected through encryption measures compliant with HIPAA standards. Notably, the investigation confirmed no compromise of financial records, full medical histories, Social Security numbers, or dates of birth—regardless of whether patients had provided such details to the practice. This containment of the breach's scope resulted from pre-existing security controls isolating the practice management software and primary patient database from the affected servers.
btyDental initiated a coordinated response following the discovery, prioritizing transparency and regulatory compliance. On December 26, 2019—within 40 days of detecting the incident—the practice formally reported the breach to the U.S. Department of Health and Human Services through official channels. The HHS breach portal subsequently reflected notifications sent to 2,008 patients whose names and X-ray images were potentially exposed. These notifications explicitly stated the absence of evidence confirming actual data access or theft but were issued proactively given the theoretical risk. The practice's public communication highlighted the encryption safeguards protecting core systems and reiterated that no financial or high-sensitivity identifiers were involved. This incident underscored the operational disruption caused by ransomware while demonstrating how segmented security architectures can limit data exposure during attacks targeting healthcare providers.