Aspen Dental, operating under APEO, LLC, disclosed a significant data breach after falling victim to a ransomware attack in April 2023. The breach, revealed through a notice to the Attorney General of Maine on February 22, 2024, resulted in unauthorized access to the company’s computer network. Both employee and patient information were compromised, with the incident prompting Aspen Dental to undertake a thorough investigation and engage third-party data security specialists for assistance.
The investigation confirmed that the ransomware attackers, impacting TAG, Aspen Dental’s parent company, gained access to confidential information stored within the Aspen Dental network. Specifics of the compromised data include employee information, confirmed on December 11, 2023, and patient data encompassing names, Social Security numbers, health information, financial account details, and more. On the same day of the confirmation, Aspen Dental began the process of notifying affected individuals through data breach letters. Unfortunately, the publicly available breach letter does not detail the specific data types leaked, but personalized letters to victims aim to provide a comprehensive list of compromised information.
Aspen Dental, founded in 1988 and headquartered in Syracuse, New York, is a prominent nationwide dental practice chain. As part of The Aspen Group, the company employs over 15,000 individuals and generates approximately $2.3 billion in annual revenue. The breach underscores the growing challenges companies face in safeguarding sensitive information, necessitating thorough investigations, and transparent communication with affected parties.