SafePay Ransomware Group Exposes Sensitive Data from NSW Dental Practice
The SafePay ransomware group has claimed responsibility for a cyberattack on Smile Team Orthodontics, an NSW-based dental practice with six clinics across Wollongong, Shellharbour, the Southern Highlands, Parramatta, Drummoyne, and Burwood. The hackers listed the practice as a victim on their darknet leak site on 6 March, and published stolen data on 10 March.
The leaked files include staff listings, personal details (home addresses, emails), medical certificates, training records, and hundreds of DentiCare patient payment plans. Patient treatment histories were also exposed, creating significant risks for identity theft and fraud.
SafePay, first observed in October 2024, has rapidly expanded its operations, claiming over 430 victims across Australia, the UK, US, Italy, New Zealand, Canada, and other countries. The group denies operating as a ransomware-as-a-service (RaaS) provider. Recent high-profile attacks include Queensland’s Hyperdome healthcare provider (December 2025) and IT giant Ingram Micro (July 2025), which resulted in the exposure of 42,521 individuals’ personal data.
Smile Team Orthodontics, which specializes in orthodontic treatments for all ages, has not responded to requests for comment. The breach underscores the growing threat of ransomware attacks targeting healthcare providers and the potential for sensitive data to be weaponized by cybercriminals.
Smile Team Orthodontics cybersecurity rating report: https://www.rankiteo.com/company/smile-team-orthodontics
"id": "SMI1773116744",
"linkid": "smile-team-orthodontics",
"type": "Ransomware",
"date": "3/2026",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Hundreds of patients',
'industry': 'Healthcare',
'location': 'Wollongong, Shellharbour, Southern '
'Highlands, Parramatta, Drummoyne, Burwood '
'(NSW, Australia)',
'name': 'Smile Team Orthodontics',
'type': 'Dental Practice'}],
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Staff personal details',
'Medical records',
'Patient payment plans',
'Patient treatment histories']},
'date_publicly_disclosed': '2025-03-06',
'description': 'The SafePay ransomware group claimed responsibility for a '
'cyberattack on Smile Team Orthodontics, an NSW-based dental '
'practice. The hackers listed the practice as a victim on '
'their darknet leak site on 6 March and published stolen data '
'on 10 March. The leaked files include staff listings, '
'personal details, medical certificates, training records, and '
'hundreds of DentiCare patient payment plans, along with '
'patient treatment histories.',
'impact': {'brand_reputation_impact': 'Significant',
'data_compromised': 'Staff listings, personal details (home '
'addresses, emails), medical certificates, '
'training records, DentiCare patient payment '
'plans, patient treatment histories',
'identity_theft_risk': 'High',
'payment_information_risk': 'High'},
'motivation': 'Data exfiltration and extortion',
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'SafePay'},
'references': [{'date_accessed': '2025-03-10',
'source': 'Darknet leak site (SafePay)'}],
'threat_actor': 'SafePay ransomware group',
'title': 'SafePay Ransomware Attack on Smile Team Orthodontics',
'type': 'Ransomware'}