Sonrisas Dental Health Data Breach Lawsuit

Legal Representation for Victims of Data Breaches in California

The Data Breach Attorneys at Potter Handy Law Firm have the knowledge and resources to thoroughly examine your case, conduct an investigation into the breach, and, when needed, fight for justice.

Potter Handy LLP is currently reviewing cases on behalf of individuals affected by the Sonrisas Dental Health data breach. These individuals may have had their personal and confidential information illegally accessed by an unknown third party during the Sonrisas Dental Health data breach. Potter Handy LLP will conduct a complimentary assessment of your data breach claim in order to safeguard the rights and privacy of all those impacted by the Sonrisas Dental Health data breach.

We are only interested in claims that arose in California. Contact us today by filling out the form on this webpage to learn more about how we can help you with your case.

ABOUT SONRISAS DENTAL HEALTH

Sonrisas is a nonprofit healthcare organization headquartered in San Mateo, California, with an additional clinic in Half Moon Bay. Since its founding in 2001, Sonrisas has been dedicated to delivering comprehensive dental care to the community. Its services span pediatric, adult, geriatric, and special needs dentistry, as well as sedation dentistry and oral health outreach programs. In the 2022–2023 fiscal year alone, Sonrisas provided care to more than 4,500 patients across over 13,000 visits. The organization employs a team of over 10 professionals committed to promoting accessible, compassionate oral healthcare for all.

What Happened?

On or around March 4, 2025, Sonrisas detected suspicious activity within its systems, prompting immediate action to secure its network and initiate a comprehensive investigation. By April 14, 2025, the investigation confirmed that certain individuals’ personal information had been accessed and potentially acquired without authorization. Since then, Sonrisas has worked diligently to determine the scope of the incident and identify those affected. Following the incident, the BianLian group claimed responsibility for the ransomware attack and publicly disclosed details of the breach on the Tor network.

On May 2, 2025, the organization formally reported the breach to the U.S. Department of Health and Human Services’ Office for Civil Rights. In accordance with federal reporting requirements for breaches involving protected health information (PHI), it is believed that approximately 15,644 individuals in the United States were impacted. Sonrisas is actively notifying those affected and remains fully committed to protecting the privacy and security of the information it maintains.

If you’ve received a notification about a data breach, it is vital to understand the seriousness of the situation. Your personal and protected health information may have been compromised, making it vulnerable to cybercriminals. Given these circumstances, it is essential to act swiftly by contacting our highly qualified Data Breach Lawyers. These attorneys can effectively protect your legal rights and ensure those responsible are held accountable.

By selecting a qualified Data Breach Lawyer, you can be assured that your interests are protected thoroughly during the entire case, providing you with peace of mind.

What Information Was Involved in the Sonrisas Dental Health Data Breach?

The breach exposed a wide range of sensitive data, putting individuals at risk of identity theft and fraud. The compromised data may include a combination of personally identifiable information (PII) and protected health information (PHI). While the full extent of the breach is still under investigation, the following types of information may have been involved:

  • Personally Identifiable Information (PII):

    • Full name

    • Driver’s license number

    • Social Security number

    • Date of birth

  • Protected Health Information (PHI):

    • Medical and dental records

    • Treatment details or history (as applicable)

In addition, the BianLian ransomware group has claimed responsibility for the attack and alleged on the dark web that they obtained:

  • Financial and accounting records

  • Human resources (HR) data

  • PII and PHI of patients

  • Confidential information related to business partners, vendors, and healthcare providers

  • Internal and external email communications

  • Database exports

It is important to note that these claims have not yet been independently verified.

Protecting Consumers’ Privacy Rights Following the Sonrisas Dental Health Data Breach

If you were notified that your information had been stolen as a result of the Sonrisas Dental Health data breach, you may be entitled to compensation or other remedies.

Don’t wait until it’s too late to protect your rights and seek compensation. Contact us today by filling out the form on this webpage for a free consultation and to learn more about how we can help you with your case. Our attorneys are available 24/7 and there are no out-of-pocket expenses for our clients. Let us help you seek justice and hold companies accountable for their negligence in protecting personal information. Regrettably, we are unable to respond to phone inquiries. Free Consultations 24/7No out-of-pocket expenses.