Children's Dental Center at Preston Trail, P.C. d/b/a Park Place Pediatric Dentistry (Arlington, TX) Data Breach 2025: 1,690 Pediatric Patients Affected by Stolen Unencrypted Laptop. What To Do.
Park Place Pediatric Dentistry in Arlington, TX notified 1,690 patients on February 14, 2025 that an unencrypted laptop containing names, dates of birth, dates of service, medical treatment records, and treatment-related financial information was stolen from an employee's vehicle on December 11, 2024. IDX credit monitoring offered.
You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.
Timeline
Dec 11, 2024
Practice notified that an employee's laptop containing patient data had been stolen from her vehicle
Dec 11, 2024
Breach detected
Feb 14, 2025
HHS OCR breach report posted; substitute notice published on practice website
Feb 14, 2025
Affected patients began receiving individual notification letters; IDX credit monitoring activated
Feb 14, 2025
Disclosed publicly
Dec 11, 2024
Practice notified that an employee's laptop containing patient data had been stolen from her vehicle
Dec 11, 2024
Breach detected
Feb 14, 2025
HHS OCR breach report posted; substitute notice published on practice website
Feb 14, 2025
Affected patients began receiving individual notification letters; IDX credit monitoring activated
Feb 14, 2025
Disclosed publicly
Data exposed
01
High-risk identity
Enables financial + identity theft
02
Health records
Don't expire and can't be reissued
03
Contact & insurance
Phishing + targeted scams
Your action plan, in five steps.
You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.
01
Accept credit monitoring
It’s the floor of the response. Take it.
02
Freeze your credit
Free at Equifax, Experian, TransUnion.
03
File IRS Form 14039
Prevent fraudulent tax return under your SSN.
04
Review your EOBs
Insurance statements catch medical identity theft early.
05
Stop the ongoing flow
Credit monitoring doesn’t cover your health records. HealthConsent does.
Children’s Dental Center at Preston Trail, P.C., operating as Park Place Pediatric Dentistry in Arlington, Texas, notified 1,690 patients on February 14, 2025 that an unencrypted laptop containing their protected health information had been stolen from an employee’s personal vehicle. The theft was discovered on December 11, 2024, and the laptop has not been recovered. The incident was reported to the U.S. Department of Health and Human Services Office for Civil Rights and is listed on the federal breach portal.
Timeline
- December 11, 2024 — The practice learns that an employee’s laptop has been stolen from her vehicle. The laptop is unencrypted. Local law enforcement is notified, and third-party cybersecurity experts are engaged.
- December 2024 – February 2025 — Forensic review confirms the laptop contained patient protected health information. The device was never observed connecting back to the practice network, and a remote-wipe trigger was configured in the event it ever does.
- February 14, 2025 — The practice posts a substitute notice on its website, files the breach with HHS OCR, and begins mailing individual notification letters to the 1,690 affected patients. IDX credit monitoring and identity-theft protection services are offered.
What was exposed
The unencrypted laptop contained patient records that included:
- Full name
- Patient account number
- Date of birth
- Date of service
- Medical treatment records
- Financial information related to treatment
Social Security numbers, payment card numbers, and driver’s license numbers were not listed in the practice’s notice. The notice states that as of the date of mailing, no fraud or identity theft tied to this incident had been identified.
Why this breach matters: pediatric patients
Park Place Pediatric Dentistry exclusively treats children. That means the bulk of the 1,690 affected individuals are minors, and the dates of birth on the stolen device belong to people who in many cases will not open their first credit file for another decade or longer. Minor identity theft is uniquely difficult to detect because parents rarely think to pull a credit report for a child, and synthetic-identity fraud rings specifically target children’s clean SSNs and birthdates to build long-lived fraudulent profiles. Even though the practice has stated that Social Security numbers were not on the stolen laptop, the combination of a child’s full name, date of birth, and detailed treatment history is enough to support social-engineering attacks and to enrich data already circulating from other healthcare breaches.
Parents of pediatric patients should treat this as a higher-stakes event than a typical adult-records breach, even at this relatively small headcount.
What Park Place is offering
The practice is offering complimentary credit monitoring and identity-theft protection services through IDX to affected individuals. Questions can be directed to the IDX call center at 833-903-3648, Monday through Friday, 6:00 a.m. to 6:00 p.m. Pacific Time.
Park Place has also said it has reeducated the employee involved, redoubled training on secure handling of mobile devices, and committed to encrypting portable devices that contain patient data going forward.
Class-action activity
As of the date this page was last updated, we are aware of no class-action complaints filed against Children’s Dental Center at Preston Trail, P.C. or Park Place Pediatric Dentistry in connection with this incident. We will update this page if filings appear on PACER or in state court dockets.
What to do if you may be affected
- Enroll in the IDX monitoring offered in your notification letter. It is free and includes identity-theft restoration services.
- For minor children, place a child credit freeze with all three nationwide consumer reporting agencies (Equifax, Experian, TransUnion). Each bureau has a specific process for minors — it is free, and it prevents anyone from opening credit in your child’s name until you lift the freeze.
- For adult guardians, place a standard credit freeze at all three bureaus if you have not already. It is free, takes about ten minutes per bureau, and is the highest-leverage single action against identity theft.
- Save your notification letter. It documents your standing if a class action is later filed or if you need to dispute fraudulent accounts.
- Watch for phishing. Targeted scams that reference your child’s dental visits or treatment dates can be highly convincing. Park Place will not ask for Social Security numbers or payment information by email or phone in connection with this incident.
- Bookmark this page. We update it when new public information becomes available.
Sources on this page
- HHS Office for Civil Rights Breach Portal — federal regulatory record of this breach.
- Park Place Pediatric Dentistry — Notice of Data Security Incident — the practice’s own substitute notice.
- HIPAA Journal — coverage of the Park Place Pediatric Dentistry breach — independent trade press summary including the 1,690-patient count.
- Becker’s Dental Review — Texas pediatric dental practice suffers data breach — dental industry coverage of the incident.
- DrBicuspid — coverage of pediatric dental practice incidents — broader context on pediatric-dental sector exposure.
Credit monitoring covers your wallet. HealthConsent covers your health records.
Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.
Protect my health dataCancel anytime · Family plan covers spouses + dependents
Sources & further reading
- HHS Office for Civil Rights Breach Portal
- Park Place Pediatric Dentistry — Notice of Data Security Incident
- HIPAA Journal — Data Breaches Announced by Central New York Cardiology & Park Place Pediatric Dentistry
- Becker's Dental Review — Texas pediatric dental practice suffers data breach
- DrBicuspid — Coverage of pediatric dental practice breaches
Official HHS OCR Breach Portal: ocrportal.hhs.gov
About this page
This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.