Absolute Dental Settles 2025 Data Breach Claims for $3.3 Million

In February 2025, Absolute Dental’s systems were accessed without authorization, potentially exposing names, Social Security numbers, and health records of patients across its Nevada, California, and Texas locations. The intrusion persisted until early March before being detected. The company has not disclosed the exact technique used, but the incident prompted a class‑action lawsuit alleging inadequate cybersecurity safeguards.

- Settlement amount: $3.3 million, approved to resolve the class‑action claims. - Breach window: February 19 – March 5, 2025. - Claim deadline: June 18, 2026; forms must be submitted to the settlement administrator. - Maximum individual award: $5,000 for provable out‑of‑pocket losses such as bank fees, identity‑theft expenses, and travel costs. - California residents may receive up to double the base cash payment under the CCPA. - Objection and exclusion deadline: June 9, 2026. - Final approval hearing scheduled for July 30, 2026. - Case: Jordan, et al. v. Absolute Dental Group LLC, Case No. 2:25‑cv‑00986‑JCM‑EJY (U.S. District Court for the District of Nevada).

The settlement provides financial relief to affected patients while highlighting the cost of insufficient data protection. For healthcare providers, the case underscores the need to align security practices with regulatory expectations such as HIPAA and state privacy laws. Organizations should review access controls, ensure timely patching of known vulnerabilities, and encrypt sensitive data both at rest and in transit. Implementing multi‑factor authentication and monitoring for anomalous login attempts can reduce the risk of credential‑based intrusions (MITRE ATT&CK T1078). Regular vulnerability scans and penetration testing help identify weaknesses before attackers exploit them. While the specific exploit used against Absolute Dental has not been published, applying these baseline controls mitigates common attack paths seen in similar breaches.