Active breach tracker Nevada Disclosed May 2, 2025

Absolute Dental Group Data Breach 2025: 1,223,635 Patients Exposed in Feb-Mar Network Intrusion · $3.3M Settlement Pending

Absolute Dental Group, the Nevada DSO with 50+ locations, confirmed an unauthorized actor accessed its network between February 19 and March 5, 2025. Names, Social Security numbers, driver's license data, treatment records, and insurance information for 1,223,635 individuals were exposed. A $3.3M class-action settlement received preliminary approval on March 10, 2026.

You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.

By HealthConsent Editorial Last updated Sources & methodology

Timeline

Feb 19, 2025

Unauthorized access to Absolute Dental network begins

Feb 26, 2025

Suspicious activity identified in information systems; third-party forensics engaged

Mar 5, 2025

Unauthorized access window closes

May 2, 2025

Initial filing with HHS Office for Civil Rights using placeholder count of 501

Jul 28, 2025

File review completed; full scope of affected individuals determined

Sep 3, 2025

Public disclosure and start of individual notification mailings

Mar 10, 2026

Court grants preliminary approval of $3.3M class-action settlement (Jordan v. Absolute Dental Group)

Jun 9, 2026

Deadline to object to or exclude from settlement

Jun 18, 2026

Settlement claim submission deadline

Jul 30, 2026

Final approval hearing scheduled

Data exposed

01

High-risk identity

Enables financial + identity theft

Social Security numbers Driver's license or state ID information Passport or other government ID information

02

Health records

Don't expire and can't be reissued

Health history, diagnosis, and treatment information Medical record numbers (MRN) and patient ID numbers

03

Contact & insurance

Phishing + targeted scams

Names Contact information Dates of birth Explanation of benefits Health insurance information Financial account and payment card information (subset of individuals)

Class actions filed by

These firms have publicly announced investigations. You may be eligible to join. We are not a law firm and cannot give legal advice.

Ahdoot & Wolfson, P.C. Stranch, Jennings & Garvey PLLC Federman & Sherwood Cafferty Clobes Meriwether & Sprengel LLP Winston & Strawn LLP Barnow and Associates, P.C. Morgan & Morgan
If you received a letter

Your action plan, in five steps.

You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.

01

Accept credit monitoring

It’s the floor of the response. Take it.

02

Freeze your credit

Free at Equifax, Experian, TransUnion.

03

File IRS Form 14039

Prevent fraudulent tax return under your SSN.

04

Review your EOBs

Insurance statements catch medical identity theft early.

05

Stop the ongoing flow

Credit monitoring doesn’t cover your health records. HealthConsent does.

Jump to step 5: protect my health data

Absolute Dental Group, the dental service organization that operates more than 50 clinics across Nevada (Las Vegas, Reno, Carson City, Sparks, and Minden) and additional locations in California and Texas, confirmed that an unauthorized actor had access to its network from February 19 through March 5, 2025. The intrusion was identified on February 26, 2025, and a months-long forensic file review concluded on July 28, 2025 that 1,223,635 patients had personal, identity, financial, and health information exposed. Individual notification mailings began in August 2025, and a $3.3 million class-action settlement in the U.S. District Court for the District of Nevada received preliminary approval on March 10, 2026.

According to the breach notice submitted to state attorneys general, the incident originated from “the inadvertent execution of a malicious version of a legitimate software tool” through an account associated with Judge Consulting, Inc., Absolute Dental’s third-party managed services provider (MSP). Security analysts have characterized this as a supply-chain attack: attackers exploited the trusted privileged access of the MSP rather than breaching Absolute Dental’s own network perimeter directly. No ransomware group has publicly claimed responsibility, and no leak-site posting of Absolute Dental data has been independently reported in the sources reviewed.

Absolute Dental’s initial HIPAA report to the HHS Office for Civil Rights on May 2, 2025 used a placeholder figure of 501 affected individuals. The corrected total of 1,223,635 was reported to multiple state attorneys general beginning August 26, 2025, and confirmed in individual notification letters. As of this writing, the federal OCR portal entry still reflects the placeholder count rather than the 1.2 million figure.

Timeline

  • February 19, 2025 — Unauthorized access to Absolute Dental’s network begins.
  • February 26, 2025 — Suspicious activity is identified in the dental group’s information systems. Third-party digital forensics experts are engaged.
  • March 5, 2025 — Unauthorized access window ends; containment is achieved.
  • May 2, 2025 — Initial HIPAA breach notification filed with HHS OCR using a 501-individual placeholder count.
  • July 28, 2025 — Document and file review concludes, establishing the final count of 1,223,635 affected individuals.
  • September 3, 2025 — Public disclosure issued; individual notification mailings begin; substitute notice posted.
  • 2025 — Multiple proposed class actions consolidated as Jordan et al. v. Absolute Dental Group, LLC, Case No. 2:25-cv-00986 (D. Nev.).
  • March 10, 2026 — Court grants preliminary approval of the $3.3M settlement.
  • June 9, 2026 — Deadline for class members to object or opt out.
  • June 18, 2026 — Deadline to submit a claim.
  • July 30, 2026 — Final approval hearing scheduled.

What was exposed

The data elements confirmed exposed vary by individual but include:

  • Name, contact information, and date of birth
  • Social Security number
  • Driver’s license or state-issued ID number
  • Passport or other government ID information
  • Health history, diagnosis, and treatment information
  • Explanation of benefits and health insurance information
  • Medical record numbers and patient ID numbers
  • Financial account and payment card information (a subset of affected individuals)

The breach notice text confirms the intrusion vector: a malicious version of a legitimate software tool executed through Judge Consulting’s MSP account. No ransomware group has publicly claimed responsibility, and no leak-site posting of Absolute Dental data has been independently reported in the sources reviewed.

What the entity is offering

Absolute Dental is offering two years of complimentary identity monitoring through Kroll to notified individuals. Your notification letter includes a membership number and enrollment instructions; activate at info.krollmonitoring.com. A dedicated call center is available at (866) 559-3472, Monday through Friday, 8:00 a.m. to 5:30 p.m. CT, excluding major U.S. holidays.

The proposed $3.3M class-action settlement provides:

  • Up to $5,000 per person for documented out-of-pocket losses traceable to the incident
  • A pro rata cash payment from the remaining settlement fund for class members who do not document losses
  • Doubled cash-fund payments for California residents at the time of the breach
  • Settlement-administered identity protection services

Claims may be submitted online at the official settlement site or by mail to the settlement administrator by June 18, 2026.

Class-action and regulatory posture

The consolidated class action is captioned Jordan et al. v. Absolute Dental Group, LLC, et al., Case No. 2:25-cv-00986-JAD-DJA, in the U.S. District Court for the District of Nevada before Judge Jennifer A. Dorsey. Plaintiffs’ counsel of record include Ahdoot & Wolfson, P.C.; Stranch, Jennings & Garvey PLLC; Federman & Sherwood; Cafferty Clobes Meriwether & Sprengel LLP; and Winston & Strawn LLP. Multiple other firms, including Barnow and Associates and Morgan & Morgan, publicly opened investigations.

The settlement covers only the claims against Absolute Dental Group. Judge Consulting, Inc. is not part of the settlement and had a pending motion to dismiss as of the preliminary-approval date. The preliminary-approval order was entered on March 10, 2026. As part of the settlement, Absolute Dental agreed to implement enhanced cybersecurity measures. A final fairness hearing is set for July 30, 2026, at 10:00 a.m. at the Lloyd D. George Federal Courthouse, 333 Las Vegas Blvd. South, Las Vegas, NV. The HHS OCR portal entry remains open pending update to the corrected affected-count figure.

Absolute Dental filed state AG notifications beginning August 26, 2025 with attorneys general in California, Iowa, Maine, Massachusetts, Montana, Nebraska, New Hampshire, Oregon, Rhode Island, South Carolina, Texas, Vermont, and Washington. State-specific resident counts documented in the disclosures include approximately 1,892 Texas residents, 1,001 Washington residents, 170 Montana residents, 137 Massachusetts residents, and 46 New Hampshire residents.

What to do if you may be affected

  1. File a claim by June 18, 2026. If you received a notification letter from Absolute Dental Group, you are presumptively a class member. Use the official settlement site (absolutedatasettlement.com) and the unique ID and PIN from your settlement notice. Do not pay any third party to file on your behalf.
  2. Freeze your credit at Equifax, Experian, and TransUnion. Because Social Security numbers and government-ID data were exposed, a security freeze is materially more protective than monitoring alone. It is free and reversible.
  3. Activate your Kroll identity monitoring. Your notification letter includes a membership number. Enroll at info.krollmonitoring.com or call (866) 559-3472 (Mon–Fri, 8 a.m.–5:30 p.m. CT). Even with a credit freeze in place, the two-year monitoring service provides fraud consultation and identity restoration assistance worth using.
  4. Watch for medical identity theft. Because diagnosis and insurance information was exposed, review every Explanation of Benefits (EOB) document you receive and request a copy of your benefits history from your insurer if you see services you did not receive.
  5. Be alert to targeted phishing. An actor with your name, address, date of birth, and dental-treatment history can craft highly convincing lures. Treat unexpected calls or emails referencing your Absolute Dental visits with skepticism and verify through official channels before acting.
  6. Stop the ongoing flow of your dental and health data. HealthConsent files HIPAA restriction requests so that the treatment records, diagnosis history, and insurance information exposed in this breach are not continuously re-shared across dental networks, insurance clearinghouses, and health information exchanges. File a restriction request through HealthConsent.

Continue reading

Sources

Stop your data from spreading further

Credit monitoring covers your wallet. HealthConsent covers your health records.

Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.

Protect my health data

Cancel anytime · Family plan covers spouses + dependents

About this page

This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.