Dyras Dental

Dyras Dental is a Michigan-based dental entity operating within the United States, providing oral healthcare services to patients. As a healthcare provider, the organization handles sensitive patient information, including protected health information (PHI) governed by the Health Insurance Portability and Accountability Act (HIPAA). Its core function involves the diagnosis, treatment, and prevention of dental conditions, serving a local patient population. The organization's operational footprint is centered in Michigan, though specific details regarding the number of locations, patient volume, or exact service scope are not provided in the available information. Its position within the dental sector is that of a typical private practice or small clinical network, a common target for cybercriminal groups seeking valuable medical records for fraud or extortion.

The organization is notably defined by a documented cybersecurity incident that occurred on September 24, 2020. On that date, Dyras Dental was compromised by the Egregor ransomware group, which exfiltrated a significant volume of sensitive data. The stolen data included patient-protected health information, employee tax documents, and voicemails containing patient details. The attackers subsequently publicly leaked over 100 files as proof of the breach, primarily consisting of financial and insurance billing records. A critical aspect of this incident is the victim's lack of public acknowledgment or response to the breach, with no official breach notification appearing on the organization's channels. This non-displacement, combined with the later removal of the organization's listing from the Egregor leak site, suggests potential behind-the-scenes negotiations, though the specifics remain unconfirmed. The exposure of protected health information strongly indicates an unreported HIPAA violation, highlighting a failure in the organization's data protection safeguards at that time. This event situates Dyras Dental within a broader pattern of Egregor's aggressive targeting of medical and dental organizations, demonstrating the group's willingness to exploit healthcare entities without restraint. The incident serves as a case study in the persistent threat posed by ransomware operations to the healthcare sector, where the theft of sensitive data is used as leverage for extortion, often alongside the encryption of systems. The available information does not specify the organization's ownership structure, parent company, or any subsidiary relationships, leaving those structural elements undetermined.