The SafePay ransomware group has listed an NSW-based dental practice as a victim on its darknet leak site and has published a raft of documents stolen during the breach.
Smile Team Orthodontics was listed by the hackers in a 6 March leak post, and data compromised during the incident was published on 10 March.
The data includes staff listings for the practice’s six clinics, staff details including home addresses and personal emails, and medical certificates. Training and certification details have also been published by SafePay, alongside hundreds of DentiCare patient payment plans and other internal documents.
Several patient treatment histories have also been published by the hackers. Taken as a whole, the data published by SafePay could be a goldmine for scammers and other cyber criminals.
Smile Team has confirmed it is aware of the incident.
"Smile Team has recently become aware that it experienced a cyber incident, which resulted in unauthorised access to part of its IT systems. As soon as we became aware of the incident, we acted immediately to contain it and secure our systems," a company spokesperson told Cyber Daily.
"We engaged an external incident response manager and cyber security experts to urgently investigate the incident and determine what information is involved and the scale of the impact."
Smile Team said it takes this breach very seriously and will continue to take "all appropriate steps" to secure its data and contact all impacted individuals.
"Smile Team has notified the Office of the Australian Information Commissioner and the Australian Cyber Security Centre and will cooperate fully with their investigations," Smile Team said.
Who is SafePay?
SafePay was first observed in October 2024 and has been busy since then, claiming more than 430 victims.
The group has been observed targeting businesses in Australia, the United Kingdom, the United States, Italy, New Zealand, Canada, Belgium, Brazil, Germany, Barbados, and Argentina, and – according to the group – is not a ransomware-as-a-service (RaaS) operation.
“SafePay ransomware has never provided and does not provide the RaaS,” SafePay said on its leak site.
The group’s most recent Australian victim was Queensland-based healthcare provider, Hyperdome, which was listed by SafePay in December 2025. The group was also responsible for a ransomware attack on IT giant Ingram Micro in July 2025, which led to the company contacting 42,521 individuals whose personal information had been compromised by the incident.
Who is the victim?
Smile Team Orthodontics has six practices across NSW, with offices in Wollongong, Shellharbour, the Southern Highlands, Parramatta, Drummoyne, and Burwood.
The practice focuses on braces and orthodontic treatments, particularly for clients with sleep apnea, and treats children, teens, and adults.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.