Cybersecurity Incidents Reported by Multiple Dental Practices

Data breaches have been announced by several dental practices: Bayside Dental (TX/WA), Aldrich Pediatric Dentistry (IN), Stafford Oral Surgery (VA), Garrisonville Dental (VA), and Drs. Abdelbaky, Boes, Cameron & Associates of Wake Forest and Cary Park (NC).

Bayside Dental

Bayside Dental, a dental practice with locations in Rowlett, Texas, and Anacortes, Washington, has experienced a cybersecurity incident. Unauthorized network access was identified on or around January 5, 2026, and the forensic investigation confirmed on March 13, 2026, that there had been unauthorized access to files containing patient data on January 5, 2026.

Data potentially viewed or obtained in the incident included full names, dates of birth, Social Security numbers, medical treatment information, medical diagnostic information, prescription information, patient numbers, health insurance information, health insurance plan beneficiaries, and dates of service. Bayside Dental determined that the protected health information of up to 10,216 patients was potentially compromised in the incident. Bayside Dental has offered the affected individuals complimentary single-bureau credit monitoring, credit score, and credit report services for 12 months.

While not described by Bayside Dental as a ransomware attack, the Sinobi ransomware group claimed responsibility and added Bayside Dental to its dark web data leak site. The group claims to have stolen 580 gigabytes of data in the attack, including files containing patient data. Patients should therefore ensure that they sign up for the credit monitoring services being offered.

Aldrich Pediatric Dentistry

Aldrich Pediatric Dentistry in Indianapolis, IN, has also recently announced the exposure of patient data as a result of an email incident. On February 26, 2026, the practice learned that an employee’s email account was compromised on January 16, 2026, after the employee responded to a phishing email that same day. The account was immediately secured, and an investigation was launched, which confirmed that the account contained the protected health information of 5,900 individuals.

Data potentially obtained in the attack included names, addresses, email addresses, telephone numbers, dates of service, procedures, and insurance information. Social Security numbers and financial information were not involved. The practice has implemented additional security measures to strengthen email security, and notification letters were mailed to the affected individuals around April 24, 2026.

Vendor Incident Affects Multiple Dental Practices

Several dental practices have recently disclosed data breaches involving a third-party vendor. The practices were contacted by the unnamed vendor on March 19, 2025, and were informed that limited patient data had been accessed by an unauthorized individual in a security incident. The vendor identified the unauthorized access on October 24, 2025, and the forensic investigation confirmed that some of the vendor’s email accounts and files were accessed between October 15 and October 23, 2025, as a result of a phishing attack.

The investigation found no evidence to suggest that the unauthorized third party accessed or copied any files containing patient information; however, unauthorized data access and acquisition could not be ruled out. The breach was limited to the vendor’s email accounts and associated files. There was no unauthorized access to patient medical or dental records. The compromised data varied from individual to individual and may have included names, addresses, dates of birth, medical information, health insurance information, and Social Security numbers. The affected individuals have been notified by mail and offered complimentary credit monitoring and identity theft protection services.

The HIPAA Journal has not yet been able to confirm how many dental practices have been affected; however, the following dental practices have issued breach notices confirming that patient data was potentially compromised in the incident.

Dental Practice | Affected Individuals
Stafford Oral Surgery, Virginia | 7,019
Garrisonville Dental, Virginia | 5,204
Drs. Abdelbaky, Boes, Cameron & Associates of Wake Forest, North Carolina, d/b/a Triangle Family Dentistry | 908
Drs. Abdelbaky, Boes, Cameron & Associates of Cary Park, North Carolina, d/b/a Triangle Family Dentistry | 547

Spate of Attacks on Dental Practices

There has been a spate of data breaches reported by dental practices recently, including Bridle Trails Family Dentistry in Washington (20,976 individuals), Verber Dental Group PC in New York (8,598 individuals), Bronsky Orthodontics in New York (3,183 individuals), and Totem Lake Family Dentistry in Washington (3,464 individuals). Apart from the Verber Dental Group data breach, these incidents involved unauthorized access to email accounts.

Dental practices should ensure that they set strong, unique passwords for employee email accounts, protect accounts with multifactor authentication, implement an email security solution, and provide security awareness training to the workforce to raise awareness of phishing and social engineering.

The post Cybersecurity Incidents Reported by Multiple Dental Practices appeared first on The HIPAA Journal.

Check Point VPN and Google Chrome Vulnerabilities Under Active Exploitation

Patches have been issued to fix a critical vulnerability affecting Check Point Mobile Access, SSL VPN, Remote Access VPN, and Spark Firewalls, and a high-severity vulnerability in Google Chrome, both of which are being actively exploited in the wild.

Check Point Remote Access VPN Vulnerability

On June 8, 2026, the cybersecurity firm Check Point issued a security advisory about a critical authentication bypass vulnerability tracked as CVE-2026-50751 (CVSS 9.3), which has been actively exploited in zero-day attacks since May 7, 2026. Exploitation of the vulnerability accelerated over the weekend, with a few dozen organizations falling victim to attacks. In one attack, Check Point associated the post-exploit activity with a Qilin ransomware affiliate that has previously targeted vulnerabilities in other VPNs.

The vulnerability affects Check Point Mobile Access, SSL VPN, Remote Access VPN, and Spark Firewalls, but only when deployments are configured to use the deprecated IKEv1 key exchange protocol. In vulnerable deployments, unauthenticated remote attackers can exploit a logic flaw in certificate validation, which allows them to establish a VPN connection without a valid password, bypassing authentication requirements.

Check Point also identified a second vulnerability while investigating the actively exploited zero day. This flaw is also associated with the deprecated IKEv1 key exchange and can allow a man-in-the-middle attack on site-to-site VPN connections. The vulnerability is tracked as CVE-2026-50752, has a CVSS score of 7.4, and affects Security Gateways and Spark Firewalls. At the time of issuing the patch, there had been no known exploitation of the flaw.

Customers using the IKEv1 key exchange protocol have been advised to apply the security updates as soon as possible. If the hotfixes cannot be immediately applied, users should follow Check Point’s mitigation guidance detailed in the security alert. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog and ordered all government agencies to secure their deployments within 3 days by applying the security updates or mitigations, or to discontinue use of the product.
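Because exposure depends on whether IKEv1 is still in use, defenders can inventory which peers still negotiate it from captured VPN traffic. The following is an added example, not code from Check Point or The HIPAA Journal: it reads the version field of the standard IKE header (RFC 2408 / RFC 7296) from UDP/500 and UDP/4500 payloads, and the sample packets and function names are constructed for illustration.

```python
import struct

# Fixed IKE header (RFC 2408 / RFC 7296): 8-byte initiator SPI, 8-byte
# responder SPI, next payload, version, exchange type, flags,
# 4-byte message ID, 4-byte total length = 28 bytes.
IKE_HEADER = struct.Struct("!8s8sBBBBII")
NON_ESP_MARKER = b"\x00\x00\x00\x00"  # prefixes IKE on UDP/4500 (RFC 3948)
IKEV1_EXCHANGES = {2: "Main Mode", 4: "Aggressive Mode", 32: "Quick Mode"}


def classify_ike(udp_payload: bytes, dst_port: int = 500):
    """Return ('IKEv1' | 'IKEv2' | 'unknown', detail) for one UDP payload."""
    if dst_port == 4500:
        if not udp_payload.startswith(NON_ESP_MARKER):
            return ("unknown", "ESP-in-UDP or keepalive, not IKE")
        udp_payload = udp_payload[4:]
    if len(udp_payload) < IKE_HEADER.size:
        return ("unknown", "shorter than the 28-byte IKE header")
    _, _, _, version, exchange, _, _, length = IKE_HEADER.unpack_from(udp_payload)
    if length < IKE_HEADER.size or length > len(udp_payload):
        return ("unknown", "length field inconsistent with datagram")
    major = version >> 4  # high nibble is the major version
    if major == 1:
        return ("IKEv1", IKEV1_EXCHANGES.get(exchange, f"exchange type {exchange}"))
    if major == 2:
        return ("IKEv2", f"exchange type {exchange}")
    return ("unknown", f"major version {major}")


def ikev1_peers(packets):
    """packets: iterable of (src_ip, dst_port, udp_payload); returns IKEv1 sources."""
    return sorted({src for src, port, data in packets
                   if classify_ike(data, port)[0] == "IKEv1"})


def _sample(version, exchange, body=b""):
    # Constructed header for the demo; SPI values are arbitrary filler.
    return IKE_HEADER.pack(b"A" * 8, b"\x00" * 8, 1, version, exchange, 0, 0,
                           IKE_HEADER.size + len(body)) + body


# Constructed sample traffic (documentation-range addresses).
SAMPLE = [
    ("192.0.2.10", 500, _sample(0x10, 2)),                    # IKEv1 Main Mode
    ("192.0.2.20", 500, _sample(0x20, 34)),                   # IKEv2 IKE_SA_INIT
    ("192.0.2.30", 4500, NON_ESP_MARKER + _sample(0x10, 4)),  # IKEv1 over NAT-T
    ("192.0.2.40", 4500, b"\xff"),                            # NAT keepalive
]

if __name__ == "__main__":
    print(ikev1_peers(SAMPLE))
```

Peers that appear in the output are candidates for migration to IKEv2 regardless of patch status, since both vulnerabilities described here are tied to the deprecated protocol.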

Google Chrome Zero-day

Google has released an emergency patch to fix an actively exploited high-severity zero-day vulnerability in Google Chrome. The vulnerability, tracked as CVE-2026-11645, is due to an out-of-bounds read and write flaw in the Chrome V8 JavaScript engine. The vulnerability can be exploited by a remote attacker via specially crafted HTML pages. Successful exploitation allows the attacker to execute arbitrary code inside the web browser sandbox, exposing sensitive information or crashing Chrome.

Google is aware of an exploit for the vulnerability in the wild and has rolled out updates for users in the Stable Desktop channel for Windows, Mac, and Linux systems. Further information about the bug is being withheld until the majority of users have updated Chrome.
