SmilePoint Dental Group Data Breach–What You Need to Know & What to Do Next
Overview
SmilePoint Dental Group reported a cybersecurity incident after the SpaceBears ransomware group claimed responsibility for an attack in mid-May 2026. The incident potentially exposed protected health information and personal data belonging to patients across multiple Texas and New Mexico locations.
SmilePoint Dental Group is a fast-growing dental organization operating 26-28 offices across Texas and New Mexico. The group runs multiple family dental clinics and orthodontics practices in smaller communities under various brands such as Crosby Family Dental, Liberty Family Dental, Jasper Family Dental, SmilePoint Dental, and others. Services include general dentistry, orthodontics, cosmetic care, implants, and preventive treatments using modern equipment.
According to ransomware threat intelligence, SpaceBears posted SmilePoint Dental Group to its data leak site on May 12, 2026, with an estimated attack date of April 14, 2026. The threat actors claim to have stolen patient database information with Social Security numbers and medical histories, access to the local EagleSoft database, and financial reports. The attackers state the data will allow deployment of the company’s database on any PC with full access to SmilePoint’s EagleSoft functionality.
SpaceBears has been active since at least late 2025, targeting various organizations including other dental practices such as Smiles By Steedman in New Zealand and dental organizations internationally.
What Information Was Exposed In the SmilePoint Dental Group Data Breach?
According to the threat actors’ claims, the compromised data includes patient database information with Social Security numbers and medical histories. The breach also allegedly includes access to SmilePoint’s EagleSoft database, which is practice management software commonly used by dental offices to maintain patient records, treatment plans, scheduling, billing, and clinical documentation. Financial reports were also reportedly stolen.
EagleSoft databases typically contain comprehensive patient information including names, addresses, dates of birth, Social Security numbers, insurance information, dental treatment histories, clinical notes, X-rays and imaging, appointment schedules, billing and payment information, and prescription records.
How SmilePoint Dental Group Responded to the Breach?
As of this writing, SmilePoint Dental Group has not issued a public statement regarding the alleged ransomware attack. The group has not confirmed the incident or provided details about its investigation or notification plans.
Healthcare providers that experience breaches involving protected health information are required to notify affected individuals, the U.S. Department of Health and Human Services, and in some cases the media, within specified timeframes under HIPAA. The organization may also face notification obligations under Texas and New Mexico state data breach notification laws.
How to Check If Your Personal Info Is Exposed
If you are a current or former patient of SmilePoint Dental Group or any of its affiliated practices including Crosby Family Dental, Liberty Family Dental, Jasper Family Dental, or other SmilePoint-branded locations in Texas and New Mexico, your protected health information and personal data may have been exposed in this breach.
Monitoring your accounts, reviewing credit reports and explanation of benefits statements, and watching for notification letters from SmilePoint Dental Group are crucial steps in assessing your potential exposure.
What You Can Do If Your Information Was Exposed
If your medical information may have been part of the SmilePoint Dental Group breach, review your financial accounts, credit reports, and medical explanation of benefits forms for any unfamiliar activity. Update account passwords and consider placing a fraud alert or credit freeze with major credit bureaus.
Be vigilant for signs of medical identity theft, including unexpected medical bills, explanation of benefits statements for dental services you did not receive, or insurance claims for treatments at facilities you did not visit. Given the alleged exposure of Social Security numbers, monitor for signs of identity theft and unauthorized use of your personal information.
Be cautious of phishing attempts following this breach. Acting now can limit the long-term consequences and protect your personal, financial, and medical information.
Understanding Your Legal Rights: Data Breach Lawyer Near Me
Victims of data breaches may be entitled to legal remedies if a healthcare provider did not adequately safeguard their protected health information. Dental practices have heightened duties under HIPAA to protect the sensitive medical and personal information they collect and maintain.
Almeida Law Group is actively reviewing the SmilePoint Dental Group incident to determine what legal options may be available for those affected.
If you are a patient of SmilePoint Dental Group or any of its affiliated practices and believe your medical information may have been exposed, you can contact Almeida Law Group for a free consultation.
