Colorado Dental Wellness Ransomware by Anubis (May 2026)
Unverified dark web claim. This report is based on a post observed on a dark web forum. Yazoul Security has not independently verified the authenticity of this claim.
Claim Summary
On May 1, 2026, the ransomware group known as Anubis posted a claim on its dark web leak site alleging a successful attack against Colorado Dental Wellness Center, a US-based healthcare provider operating under the domain coloradodentalwellness.com. The threat actor claims to have exfiltrated clients’ medical data, though the volume of compromised records has not been disclosed. As of this report, Colorado Dental Wellness Center has not issued a public statement, and the claim remains unverified by independent sources.
Threat Actor Profile
Anubis is a relatively obscure ransomware group with no publicly documented track record of confirmed attacks. The group’s total known victim count is unknown, and there is no public research detailing their tools, tactics, or procedures (TTPs). This lack of transparency raises significant credibility concerns, as ransomware groups often exaggerate or fabricate claims to pressure victims into paying ransoms. Without established operational history or known malware signatures, it is difficult to assess the group’s technical capability. No YARA rules or detection guidance are currently available for Anubis, and no public indicators of compromise (IOCs) have been shared by security researchers.
Alleged Data Exposure
According to the leak site post, Anubis claims to have accessed and exfiltrated clients’ medical data from Colorado Dental Wellness Center. The specific types of medical data allegedly compromised have not been detailed, but in the healthcare sector, such breaches typically include patient names, dates of birth, medical histories, treatment records, insurance information, and possibly Social Security numbers or payment details. The absence of a disclosed data volume suggests either a limited breach or an attempt by the threat actor to maintain leverage by withholding specifics. Yazoul Security has not obtained or reviewed any samples of the alleged data.
Potential Impact
If the claim is substantiated, the impact on Colorado Dental Wellness Center and its patients could be severe. Healthcare data breaches carry significant regulatory consequences under HIPAA, including potential fines, mandatory patient notifications, and legal liability. Affected patients may face risks of medical identity theft, insurance fraud, or targeted phishing campaigns using their medical information. For the dental practice, reputational damage could erode patient trust and lead to financial losses from remediation costs, legal fees, and potential class-action lawsuits. The lack of disclosed data volume makes it impossible to estimate the scale of exposure at this time.
What to Watch For
- Official confirmation: Monitor Colorado Dental Wellness Center’s website and official communications for any breach notification or statement.
- Patient outreach: Be alert for phishing emails or phone calls that reference the breach and request sensitive information.
- Dark web activity: Watch for any subsequent posts from Anubis or other threat actors offering the alleged data for sale or distribution.
- Regulatory filings: Check the HHS Breach Portal for any HIPAA breach reports filed by the practice.
- Group credibility: Track Anubis’s activity for future claims to assess whether this is a genuine operation or a bluff.
Disclaimer
This report is based solely on an unverified claim posted by the Anubis ransomware group on their dark web leak site. Yazoul Security has not independently confirmed the attack, the exfiltration of data, or the identity of the victim. Ransomware groups frequently fabricate or exaggerate claims to pressure victims. All information herein should be treated as preliminary and subject to change upon verification. No data samples, download links, or access credentials have been reviewed or are provided in this report. Organizations are advised to conduct their own due diligence before taking any action based on this intelligence.