The AAO has formed an exclusive endorsement agreement with Black Talon Security, LLC, a leading provider of cybersecurity, HIPAA compliance and PCI (payment card industry) solutions specifically to dental practices.

The AAO negotiated the endorsement agreement to provide strong value to AAO members via discounted services. AAO member practices can take advantage of discounted pricing for Black Talon’s cybersecurity one-time audits, monthly cybersecurity services and HIPAA compliance services.

View the Black Talon Services and Discounts Chart for AAO Members

AAO members can learn more and contact Black Talon using the following link:
– Click here to access the Black Talon discounts page for AAO members

A security breach can have a significant financial impact on an orthodontic practice (and potentially compromise its reputation.) This level of risk is leading many health professionals to consider engaging with dedicated cybersecurity companies as a necessary component of doing business. There has been a dramatic increase in cybersecurity threats against healthcare providers1, and it is believed orthodontic practices are also actively being targeted by cyber criminals. An attack can create chaos, which can include the interruption of business and an inability to access patient data. The negative PR associated with these attacks can also damage reputations and have an adverse effect on referral relationships.

Not only are there very stringent HIPAA laws related to the protection of patient data, but there may also be comprehensive state laws related to the theft/breach of records. Orthodontists may have one of the highest risk databases in healthcare because of the ages of patients, many of whom are likely to be minors. In addition, the loss of trust from patients’ parents, the community and referral sources can be disastrous.

One should not assume that their IT company can effectively protect their network. Many IT companies may not have the training, tools or certifications required to protect an orthodontic practice from this new epidemic of cyberattacks being launched against dental practices.2

Mitigating the threat of a cyberattack usually requires vulnerability identification and management and network penetration testing by an ethical hacker. Typically, only cybersecurity companies have the tools required to properly identify the vulnerabilities of a network. One of the most important services that Black Talon provides is Cybersecurity Awareness Training. This training, which is not only necessary but required under the HIPAA Security Rule3, will help create “human firewalls” to significantly mitigate risk.

In some instances, firewalls and anti-virus software are no longer enough to protect a network. Cyber criminals are very sophisticated and consider these as mere obstacles that can easily be bypassed resulting in a ransomware attack and/or data breach. Networks are being exploited by vulnerabilities in computers; servers; firewalls; smart devices such as security cameras, smart TVs, and digital thermostats; software; and even team members (AKA “hacking the human”).

Cloud and MAC-based systems are also vulnerable to cyberattacks and one should not assume data is safe. Cybercriminals are also launching attacks directly against IT vendors and other 3rd parties who have the “keys to the castle” (usernames, passwords, etc.). A breach at their organization could result in a breach at their client’s practice. Working with a cybersecurity company can provide sophisticated tools and technologies that help mitigate the risk of a data breach.

* The AAO endorses the Black Talon cybersecurity program (the “Program”). The AAO does not certify, guarantee or warrant the products, services, or offerings provided by Black Talon, its platform or its employees, agents, subcontractors, or vendor. The AAO will not be liable for any indirect, special, incidental, or consequential loss or damage of any kind, including lost profits (whether or not the parties have been advised of such loss or damage) arising in any way in connection with the Program.

1. Caban K. “Breached Patient Records Tripled in 2018 vs 2017, as Health Data Security Challenges Worsen.” Protenus, February 12, 2019. Downloaded from https://www.protenus.com/press/press-release/breached-patient-records-tripled-in-2018-vs-2017-as-health-data-security-challenges-worsen

2. Joy J. “The Importance of an Independent Cybersecurity Audit in the Dental Practice.” Black Talon Security Blog, October 5, 2018. Downloaded from https://www.blacktalonsecurity.com/single-post/2018/10/05/The-Importance-of-an-Independent-Cybersecurity-Audit-in-the-Dental-Practice

3. U.S. Department of Health and Human Services. “Summary of the HIPAA Security Rule” (Administrative Safeguards – Workforce Training and Management section). HHS.gov. Downloaded from https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html