DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Data Breach Lawsuits Against Chord Specialty Dental Partners Consolidated

Posted on May 24, 2025 by Dissent

Kathryn Rattigan of Robinson + Cole writes:

Pennsylvania-based Chord Specialty Dental Partners is under fire after a September 2024 data breach compromised the personal information of over 173,000 individuals. At least seven proposed class action lawsuits have been filed in federal courts in Tennessee and Pennsylvania, alleging the company failed to secure and protect patient data properly.

The lawsuits claim Chord Dental violated its obligations under state and federal laws, including the Federal Trade Commission (FTC) Act and the Health Insurance Portability and Accountability Act (HIPAA). Plaintiffs argue that the company did not implement reasonable cybersecurity measures or provide timely and sufficient notice of the breach.

Exposed data included names, addresses, Social Security numbers, driver’s license numbers, bank and payment card information, dates of birth, and medical and insurance records.

Read more at Robinson + Cole.

Chord is a multi-specialty Dental Support Organization (DSO) based in Tennessee. As a HIPAA business associate, it provides preventive services, diagnostic imaging, and a range of restorative dental care for affiliated pediatric practices, orthodontic locations, and ambulatory surgery centers at more than 60 locations across six states. Its partner practices include Spark Orthodontics, Children’s Dental Health, Pediatric Dental Associates, Dentistry for Children, Children’s Dental Surgery, and Cumberland Pediatric Dentistry & Orthodontics. Headquartered in Nashville, Tennessee.

On March 14, 2025, Chord posted a notice on its website that explains the breach this way:

On or around September 11, 2024, CDHA Management, LLC and Spark DSO, LLC dba Chord Specialty Dental Partners (“Chord”) discovered suspicious activity related to an employee’s email account. Upon discovery, we took immediate action to secure the account and engaged a team of third-party specialists to assist with determining the full nature and scope of the incident. The investigation determined that an unauthorized individual had gained access to several accounts for a limited time between August 19, 2024, to September 25, 2024. Therefore, we conducted a comprehensive review of the information potentially affected. The type of information varies by individual and may include name and one or more of the following: address, Social Security number, driver’s license, bank account information, payment card information, date of birth, medical information, and health insurance information.

At this time, Chord is not aware of any evidence to suggest that any information has been or will be fraudulently misused. However, we were unable to rule out the possibility that the information could have been accessed. Therefore, in an abundance of caution, we are notifying potentially impacted individuals of this incident.

On March 14, Chord also notified HHS that 173,430 patients had been affected by the incident.

A check of sites that search the dark web leak sites of ransomware and extortion groups did not uncover any data or listing from this incident as of publication today.

From Ms Rattigan’s description of the complaint, plaintiffs have not alleged any concrete harm such as fraud or identity theft, but make claims based on time spent addressing breach, out-of-pocket costs, distress, increased risk of harm, etc.

On May 22, all related cases were order consolidated under Figueroa v. CDHA Management, LLC, 2:25-cv-02186, (E.D. Pa.).

 

Related posts:

  • Connexin Software notifies parents of 2.2 million pediatric patients of hack
Category: HackHealth Data

Post navigation

← PA: York County alerts residents of potential data breach
Private Industry Notification: Silent Ransom Group Targeting Law Firms →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked
  • Hunters International to provide free decryptors for all victims as they shut down (2)
  • SEC and SolarWinds Seek Settlement in Securities Fraud Case
  • Cyberattacks Disrupt Iran’s Bread Distribution, Payments Remain Frozen
  • Hacker with ‘political agenda’ stole data from Columbia, university says
  • Keymous+ Hacker Group Claims Responsibility for Over 700 Global DDoS Attacks
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t
  • Oregon Amends Its Comprehensive Privacy Statute
  • Wisconsin Supreme Court’s Liberal Majority Strikes Down 176-Year-Old Abortion Ban

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.