ShinyHunters — DentaQuest: 234 GB HIPAA claims data published after ransom refusal, 2.6 M Medicaid and dental-benefit records

DentaQuest (Sun Life subsidiary, administering dental/vision benefits for ~35 M US Medicaid and Medicare members) confirmed on 1 June that ShinyHunters published 234 GB of stolen data after ransom negotiations broke down (BleepingComputer, 2026-06-04; BankInfoSecurity; daily 2026-06-05). The dataset — published by late May per BankInfoSecurity — is in HIPAA-format ASC X12 claims interchange; names, postal and email addresses, dates of birth, phone numbers, health-insurance details and Medicaid IDs across 2.6 million unique email addresses. DentaQuest has not confirmed the specific attack vector; the extortion pattern (no encryption, hard deadline, publish-on-refusal) is consistent with the broader ShinyHunters vishing-driven SaaS-access campaign that earlier claimed Charter, Carnival, 7-Eleven, Instructure and Wynn Resorts. The operational reminder: this actor has no backup-based leverage — detection must land at the bulk-export stage (anomalous off-hours claims-system bulk downloads; SaaS API token generation; volume spikes on outbound archive transfers).