Dentists' bank account numbers and correspondence with a trade body are feared to have been stolen by hackers.
The British Dental Association has told its members that it is still not sure exactly what was accessed in a breach on 30 July.
A spokeswoman told the BBC it was possible that information about patients was exposed, but was vague about the potential context.
The BDA's website has been offline since the attack.
It has urged members to be cautious of any correspondence claiming to be from a bank following the incident.
The organisation is contacting those it thinks had data compromised.
In an email to members, the BDA referred to "logs of correspondence and notes of cases" as being among the information it said it had to be assumed stolen.
A spokeswoman initially told the BBC that the notes related to insurance claims, which could include patient information.
But she later clarified this and said they referred to the BDA's "work as a trade union representing member interests" without providing further information.
The BDA does not hold full patient records.
Its chief executive Martin Woodrow said that an investigation was still underway.
"Owing to the sophistication of these criminals, we cannot, as yet, confirm the full extent of information that has been accessed," he added in the email memo.
"We are devastated and apologise unreservedly for this breach."
The BDA is the professional association and registered trade union organisation for dentists in the United Kingdom.
It does not store members' card details but does hold account numbers and sort codes to collect direct-debit payments.
Mr Woodrow said the association was working to restore its web, telephone and internal networks following the security breach and said the Information Commissioner's Office had been informed.
A dentist who asked to remain anonymous told the BBC they were concerned about fraudsters accessing their bank account, especially during such a period of unprecedented financial stress.
"If the hackers have access to my business name, address and bank details, along with my own personal details, it could be enough to pull off a huge identity theft scam," the dentist said.
"If that happens, I may not be able to pay my staff - and at a time when we have all been working so hard to keep the practice up and running for patients during Covid-19."
Attila Tomaschek, digital privacy expert at ProPrivacy, told the BBC the breach could have serious consequences for those affected.
"The information can be used by cyber-criminals as a launching pad, so to speak, for supplementary efforts at gathering additional personal information from users affected by the breach," he said.
"It is vitally important for any BDA user affected to remain on alert and be careful not to provide any information to anyone unfamiliar to them that may be requesting it."
The BDA has urged its members to remain vigilant and reminded them that legitimate callers would never request card or bank details.