- Total Records24,013,620
- Unique Emails2,461,905
- Unique Usernames913,560
- Unique First Names9,561,541
- Unique Addresses10,326,363
MMG Fusion Dental Platform Data Breach: What Happened in December 2020?
In December 2020, MMG Fusion—a company specializing in dental practice management solutions—suffered a significant data breach that resulted in the exposure of sensitive information related to millions of dental patients and staff. MMG Fusion provided platforms to help dental offices manage appointments, communications, and patient records. During this breach, a large volume of data—over 29 million records tied to approximately 2.6 million unique email addresses—became accessible to unauthorized parties. The compromised data included names, email addresses, physical addresses, appointment details, phone numbers, genders, dates of birth, and marital statuses. A smaller subset of records also contained bcrypt-hashed passwords. This incident brought attention to the importance of robust data protection in healthcare practice management software.
What Data Was Exposed in the MMG Fusion Breach?
The breach involved a comprehensive set of personal and appointment information, both for patients and staff at dental practices utilizing MMG Fusion's services. Specifically, the following data types were compromised:
- Email addresses
- Names
- Physical street addresses (including street number, street name, city, state, and ZIP code)
- Phone numbers
- Dates of birth
- Gender
- Marital status
- Dental patient appointment details
- Bcrypt-hashed passwords (small number of users)
- Associated company name
Although most users' password information was not impacted, the presence of personal identifiers and contact details highlights the broad scope of the breach.
How Many Users Were Affected?
The breach exposed data related to about 2.6 million unique email addresses, with the total number of individual records reaching nearly 30 million. These records represented patients, dental practice staff, and other associated individuals within MMG Fusion's ecosystem.
Timeline of the MMG Fusion Breach
The incident occurred around December 1, 2020. While the breach was identified and contained later, the initial exposure window could have left sensitive information vulnerable for an undetermined period during that month. This incident quickly made its way into data breach and cybersecurity intelligence forums due to the volume and sensitivity of health-related information involved.
FAQ About the MMG Fusion Data Breach
What caused the MMG Fusion data breach in December 2020?
The breach resulted from vulnerabilities within MMG Fusion's data management systems, which allowed unauthorized parties to access a database containing patient and staff information across dental practices using their platform.
How many patient and staff records were exposed in the MMG Fusion breach?
Approximately 29,997,918 records were exposed, affecting about 2.6 million unique email addresses tied to patients and staff members.
What information about patients was compromised?
The breach exposed names, emails, physical addresses, phone numbers, dates of birth, gender, marital status, appointment information, and, for some, bcrypt-hashed passwords. No financial or health insurance data was reported as compromised in the attack.
When did the MMG Fusion breach happen?
The incident occurred in December 2020, with initial signs of compromise recognized around December 1st.
How can I check if I'm in the MMG Fusion breach?
You can check if your information was part of the MMG Fusion breach by utilizing the DeHashed search engine.