With the average cost of a data breach now reported as reaching $4.5 million and even small healthcare organizations at risk of ransomware attacks and other cybersecurity issues, continued focus on cybersecurity strategies is essential to reducing risks.
An AAO trustee and a past member of the AAO Committee on Technology (CTECH) from 2017-22, Dr. Kenneth Webb encourages colleagues to work with experts to update cyberattack prevention strategies and develop plans that are right for their practices.
Dr. Webb’s concern about this issue is based in part on a personal experience: In 2022, his office and others linked in a group that shares marketing resources experienced a cyberattack that shut down his practice.
“The practice management software had encrypted the patient data, and the hackers had not accessed any patient information,” adds Dr. Webb. “We were very fortunate not to have had an actual data breach. I believe that if the same situation happened today, it would be very unusual not to see patient data accessed.”
Following an investigation led by Black Talon Security, the practice recovered and was able to begin seeing patients again within a week. Black Talon is an AAO-endorsed partner that provides cybersecurity, HIPAA compliance, and PCI (Payment Card Industry) solutions tailored for dental practices.
Dr. Webb committed to ongoing cybersecurity strategies designed to reduce risks to his practice. Strategic approaches may vary from one orthodontic practice to another, but experts’ recommendations typically include the following:
Be Aware of Warning Signs that Your System May Have Been Breached
Instruct your team to report observations of any of the following (and provide them with frequent reminders):
– “Your anti-malware/anti-virus program discovered spyware or viruses on your system.
– Your bank accounts were accessed as the result of a phishing scam.
– New programs or unfamiliar files have been installed on the computer.
– Login credentials for any website have been changed without your knowledge and no team member is able to shed light on this situation.
– You experience frequent, random pop-up windows with ads or system warnings.
– You have been told that spam is being sent from your email account.
– Your computer is consistently running slower than normal. A system restart does not fix this issue.” *
* From American Dental Association, “Tips to Safeguard Your Practice from Computer Hackers”
Implement Regular Team Training on Cybersecurity
Employee training in cybersecurity is available from companies specializing in such training as well as from specialized cybersecurity services like Black Talon.
Offering training as part of regular team meetings may also help employees reinforce what they learn with one another. “Understanding Cyber Threats Orthodontists Face,” a guide from AAO Endorsed Insurance, is a helpful tool for training. It includes a glossary and a guide to the most common threats operating online today.
Improve Password Security with a Password Manager
With a password manager, security is streamlined and the orthodontic team is freed from having to remember passwords.
“Ideally, you would use a secure password manager on every device that you use,” says Steve McEvoy of MME Consulting Inc., which provides technology planning and integration for dental specialists. “It is not hard to find a reliable company that will encrypt your passwords for an affordable fee. A password service with advanced threat protection will also monitor your accounts 24/7 and send an alert to your IT team in case of hacking.
“There are several very good password manager applications that allow you to install them on every device you have, including a PC, Mac, smart phone, etc., and keep them in sync,” adds Mr. McEvoy. “They encrypt your passwords and can even alert you if a password shows up on a breached password list.”
When selecting a password manager app, Mr. McEvoy advises bypassing the free ones. Instead, look for a reasonably priced option that provides desired features such as alerts.
Address Network Vulnerabilities
“Human errors like phishing email mistakes continue to be big problems, with 60 percent of breaches caused by that type of social engineering,” says Gary Salman, CEO of Black Talon Security. “Network vulnerabilities, however, make 40 percent of breaches possible.”
The major takeaway here is that as aware and conscientious as your team may be, firewall issues may easily place your patient data at risk. Vulnerabilities may be caused by factors like the age of the firewall, or by IT team members misconfiguring firewalls or Virtual Private Networks (VPNs).
In addition, unlicensed firewalls do not provide security updates. Most licensed firewalls require an orthodontic practice to subscribe to updates for that firewall, a step that may be overlooked.
“A licensed firewall subscription generates updates regularly,” says Mr. Salman. “The patches provided through the subscription must be applied by the IT team to help reduce external risk.”
Cybersecurity companies like Black Talon provide system monitoring services that monitor for vulnerabilities on a daily basis and patch them.
Additional Helpful Resources
- The above information is taken from the August-September 2025 AAO Practice Management Bulletin feature on cybersecurity. Click below to view the complete feature, which includes additional details such as:
– What penetration testing is and why it is helpful
– How artificial intelligence can be both a friend and a foe from a cybersecurity standpoint (solutions from managed security services, and hackers’ use of AI to create authentic-looking fake emails)
– Cybersecurity-specific AAO OnDemand Lectures
– Technical and legal insights that may be helpful if your practice experiences a breach
View the Practice Management Bulletin
- A low-cost resource: the government guide, Healthcare and Public Health Cybersecurity | CISA. Much of the information on this site may be useful for orthodontic practice cybersecurity strategy development, especially the section titled, “Strengthen Your Defenses and Mature Your Cybersecurity Efforts.”