Here are some examples of Dental Practices being fined and sued for Data
breaches due to non GDPR Compliance.
Most data breaches go unreported and are settled out of court so are not found in the public records. This the
reason why the ICO and the 2018 GDPR Act insist that every public authority has an “Independent” Data
Protection Officer who will report a data breach withoin 72 hours.
Recent UK Dental Data Breach Incidents
2025 (Sept): Diamond Court Dental reported a system breach involving phishing emails sent to patients,
though reported that health and financial records remained secure.
Read about this https://www.diamondcourtdental.co.uk/important-notice-regarding-gdpr-data-breach-incident/
2024 (Oct): Guernsey-based Fresh Dental suffered a breach following a phishing attack that allowed
unauthorized access to an employee's Microsoft 365 account, leading to sanctions due to security failings. Read
about this:
https://www.odpa.gg/sites/default/files/2025-12/Fresh%20Dental%20Determination%2011.12.2025.pdf
https://www.bailiwickexpress.com/news-ge/dental-practice-breached-data-law-after-hacked-email-sent-
phishing-messages/
2023 (Apr): Congleton Dental Centre suffered a ransomware attack that potentially exposed the names,
contact details, and dates of birth of 15% of its patients.
Read about this: https://congletondental.co.uk/cyber-attack-20th-april-2023/
2020 (July): The British Dental Association (BDA) experienced a cyberattack where hackers potentially stole
bank account numbers and, in some cases, patient information related to insurance claims.
Read about this: https://uk.topclassactions.com/lawsuit-settlements/data-breach/british-dental-association-
data-breach-group-action-open-claim/
Rockwell Data corp