DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

No need to hack when it’s leaking: OrthoMinds edition

Posted on March 21, 2025 by Dissent

Exposed database backups discovered and reported by researcher @JayelTee are now being reported in more mainstream news after OrthoMinds issued a press about the incident.

Marianne Kolbasuk McGee reports:

A vendor of cloud-based orthodontic practice software is notifying an undisclosed number of patients that their data was exposed to the internet for 10 days last November. But the security researcher who discovered the unsecured database alleges the exposure appears to have lasted longer than that and affected at least 200,000 patients.

Georgia-based OrthoMinds in a public statement Thursday said it is notifying clients and individuals potentially affected by the data security breach.

[…]

In his January report, JayeLTee said he found exposed 1,863.71 gigabytes of data – or more than 300 database backups dating from November 2020 through mid-October 2024 – belonging to dental clinics that are OrthoMinds clients.

“It was 300 files exposed, but some clients had multiple backup files that looked like they spanned through multiple years from the timestamps on the filenames, so the client number would be less than that,” he said. “It was at a minimum over 200,000 patients just by looking at one of the backups, but I have no clue how much more than that,” he told ISMG.

OrthoMinds reported the incident to HHS in January using a placeholder for the number of patients affected. They have not updated that report since then.

Read more at BankInfoSecurity.

Category: Breach IncidentsExposureHealth DataSubcontractorU.S.

Post navigation

← Watsonville Community Hospital still hasn’t notified all those affected by a November data breach; employees are reporting tax refund fraud
Mission, Texas expects ransomware impact to last months →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Bradford Health Systems detected abnormal network activity in December 2023. They first sent out breach notices this week.
  • Websites selling hacking tools to cybercriminals seized
  • ConnectWise suspects cyberattack affecting some ScreenConnect customers was state-sponsored
  • Possible ransomware attack disrupts Maine and New Hampshire Covenant Health locations
  • HHS OCR Settles HIPAA Security Rule Investigation of BayCare Health System for $800k and Corrective Action Plan
  • UK: Two NHS trusts hit by cyberattack that exploited Ivanti flaw
  • Update: ALN Medical Management’s Data Breach Total Soars to More than 1.8 Million Patients Affected
  • Russian-linked hackers target UK Defense Ministry while posing as journalists
  • Banks Want SEC to Rescind Cyberattack Disclosure Requirements
  • MathWorks, Creator of MATLAB, Confirms Ransomware Attack

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The US Is Storing Migrant Children’s DNA in a Criminal Database
  • Home Pregnancy Test Company Wins Dismissal of Pixel Wiretapping Suit
  • The CCPA emerges as a new legal battleground for web tracking litigation
  • U.S. Spy Agencies Are Getting a One-Stop Shop to Buy Your Most Sensitive Personal Data
  • Period Tracking App Users Win Class Status in Google, Meta Suit
  • AI: the Italian Supervisory Authority fines Luka, the U.S. company behind chatbot “Replika,” 5 Million €
  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.