Ransomware victim disclosure
← All victimsMinnesota Orthodontics
Claimed by BianLian · listed 1 year ago
Status timeline
- ListedMar 7, 2025
- Data leakeddate unknown
At a glance
- Group
- BianLian
- Status
- Data leaked
- Country
- United States
- Sector
- Healthcare
- Listed on leak site
- Mar 7, 2025
About the victim
AI dossier — public-source company profileMinnesota Orthodontics is a dental practice specializing in orthodontic services, particularly Invisalign treatments. Operating across 13 locations in the Twin Cities area, the company has over 30 years of experience serving adult, teen, and pediatric patients with both clear aligners and traditional braces.
- Industry
- Orthodontic Services & Dental Care
- Founded
- 1994
Attack summary
Severity: high — Confirmed data exfiltration from a healthcare provider; orthodontic patient records contain PII and protected health information (PHI) subject to HIPAA. Multi-location breach affecting potentially hundreds of patient records.BianLian claims to have exfiltrated data from Minnesota Orthodontics. The group has published data as proof of the breach, though specific data categories are not detailed in the available post excerpt.
Data the group says was taken
AI dossier — extracted from the leak post- Patient records
- Personal identification information
- Medical/orthodontic treatment histories
- Financial information
What the group claims
Minnesota Orthodontics is North America's leading Invisalign® provider with over 30 years of experience, serving clients across 13 locations in the Twin Cities. They offer advanced orthodontic services including Invisalign for adults, teens, and children, as well as traditional braces.
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

