Do You Have A Cyber Check Engine Light For Your DSO?

Written by: Joseph Hood, Sr. Cyber Risk Specialist at Black Talon Security

What Don’t You Do When Your Check Engine Light Comes On?

You read that correctly. What don’t you do when your check engine light comes on….? Sometimes what you don’t do can be just as critical as what you do. The most common answer I receive is, “I take it to the shop…” Smart answer, but most people are a bit surprised when I point out that the very first thing they chose was to not ignore it. Ignoring a check engine light can allow a minor issue to become a catastrophe.

Another thing most people don’t do is to troubleshoot it on their own. I used to do that. My first career was nearly a decade as an engineering officer in the US Merchant Marine. I operated steam and diesel propulsion power plants on deep-sea vessels under a US Coast Guard 2^nd Assistant Engineer license of unlimited horsepower.

Back then, I changed my own oil, rotated tires and even installed brake lines on an old Ford Bronco. I absolutely would troubleshoot on my own. Nowadays, I take my Ford 20 minutes down the road to Kelly Ford and have a mechanic who works on Fords all day, every day, take care of it for me. Bear with me, I promise this will come back to cybersecurity.

For the heck of it, I Googled ‘what is the function of the check engine light?’

Here’s what I found:

Function: The check engine light is part of the vehicle’s onboard diagnostics (OBD) system, which monitors various engine components and systems for potential issues.

Purpose: When the OBD system detects a problem, it triggers the check engine light to alert the driver that something needs attention.

Importance: Ignoring the check engine light can lead to further damage and potential safety hazards, so it’s crucial to address the issue promptly.

The History of the Check Engine Light

Prior to the 1980s:

Most vehicles had no onboard diagnostics at all. Problems were diagnosed by autobody mechanics. The were NO lights and NO error codes at all. Volkswagen was way ahead of its competitors when they became the first automaker to introduce a rudimentary onboard diagnostics system in 1961.

1980s through the early 1990s (OBD-I era):

GM was the first US automaker to introduce an OBD system in production vehicles in 1980. This first phase of onboard diagnostic systems is referred to as OBD-I. The other automakers quickly followed suit. However, during this era every automaker designed their own proprietary system.

1996 (Start of the OBD-II era):

Starting with the 1996 production year, the EPA and the California Air Resources Board made it mandatory for automakers to include a standardized system referred to as OBD-II. The OBD-II standardized what systems would be monitored, introduced diagnostic codes and required a universal port for scanning devices used to troubleshoot.

What Would You Do If It Wasn’t Working at All?

Most people agree that the check engine light is a critical component in the safe and reliable performance of their vehicle. It is a ubiquitous feature in every vehicle on the road today and drivers instinctively know what it is and what to do if it lights up, without requiring the knowledge of an auto mechanic.

Why am I making such a fuss about the check engine light…? Well, consider what you would do if your dashboard displayed this error message:

**ERROR: ALL warning and indicator lights nonfunctional**

 Most people give the same answer as before, ‘I would take it to the shop’. The thought of your vehicle not being able alert you if there is a mechanical issue is unsettling. Would you even consider buying a new or used vehicle if the onboard diagnostic system was nonfunctional? Of course not. This leads me to my original question.

Do You Have a Cyber Check Engine Light for Your DSO?

A more comprehensive way to phrase this question is, does your DSO have the equivalent of the auto industry OBD-II onboard diagnostic system? Currently, there isn’t a single mandated equivalent to the auto industry OBD-II for healthcare industry cybersecurity, but there are frameworks that are slowly guiding the healthcare industry in that direction. These include HIPAA, the HITECH Act, NIST and the FDA Cybersecurity Requirements for Medical Devices.

Today, cybersecurity is where automobiles were during the OBD-I phase. Every EHR platform developer has its own security model and alert systems. There is no universal classification for breaches or security anomalies. Most systems utilize reactive rather than proactive threat detection. Depending on the organization, vulnerability monitoring and behavioral analysis is limited or non-existent.

As a leader, your goal should be to set your organization on a path towards adopting cybersecurity systems that mirror the alerts and diagnostics that the OBD-II system currently provides drivers and mechanics.

Key Components Your Cybersecurity “Check Engine Light” Should Include:

1. CYBER AWARENESS TRAINING

Alerts:

• Notifies when employee overall training compliance is less than 100%.

Diagnostics:

• Identifies employees who may require additional training to reinforce good habits. 

2. EMAIL SECURITY

Alerts:

• Finds potentially malicious attachments, links and emails from suspicious senders.

Diagnostics:

• Analyzes if attachments and links are malicious.
• Detects changes in writing styles within emails, identifying a potential third-party phishing attack. 

3. VULNERABILITY SCANNING

Alerts:

• Detects high-risk vulnerabilities across your internal and external attack surface.
• Discovers endpoints that are not actively monitored, potentially leaving you exposed.

Diagnostics:

• Performs fully authenticated vulnerability scans of all endpoints and external facing devices multiple times each day.
• Provides detailed remediation instructions, reducing research time required by your team. 

4. ENDPOINT PROTECTION (Antivirus)

Alerts:

• Confirm with your IT Resources that your endpoint protection solution is actually in ACTIVE mode and ready to defend against malicious threats. Cyber attacks have occurred as a result of the EDR solution being left in PASSIVE mode (monitor only).
• Indicates unprotected endpoints, leaving you exposed to malicious threats.
• Ideally, monitored 24/7 by a security team that can alert you outside of normal operating hours if warranted.

Diagnostics:

• Understands what authorized use looks like at your organization and detects both malicious code and malicious behavior such as large file transfers or lateral movement.
• Monitored 24/7 by a security team to assist with diagnosing threats and provide appropriate defensive measures. 

5. OVERALL CYBER HEALTH

Alerts:

• Provides an organization-wide, data-driven, overall cyber risk level and alerts you when your cyber risk level is high.

Diagnostics:

• Delivers benchmarking data of your organization’s cyber risk trend over time to compare against other organizations.

EAGLEi

At Black Talon, we empower DSOs to level up their cyber resilience. Our platform, EAGLEi, functions as your centralized diagnostic and alert system. It unifies vital cybersecurity signals into an intelligent dashboard, giving you the equivalent of a “cyber check engine light” for your DSO.

Take action today. Whether it’s refining employee training, rolling out endpoint protection, or investing in robust vulnerability scanning, start building a comprehensive system that ensures you’re never caught off guard.

Because when it comes to cars and cybersecurity, ignoring warning signs can take you somewhere you do NOT want to go…

---

🚨Recent notable healthcare cyber incidents:

Community Dental Care, Inc., the largest nonprofit Medicaid dental provider in Minnesota, is informing individuals of a data security incident potentially involving their personal and health information.

On December 20, 2024, Community Dental Care discovered suspicious activity in its computer system, with an investigation revealing that unauthorized access occurred around December 6, 2024. A review to determine the information exposed and individuals affected concluded on March 24, 2025.

Information potentially exposed in the Community Dental Care data breach includes names, addresses, birth dates, Social Security numbers, driver’s license/government-issued ID numbers, passport numbers, medical details, and health insurance information. Letters about the breach indicate that data belonging to both employees and patients may have been exposed.

---

Recently, Artistic Family Dental reported to the Attorney General of the Commonwealth of Massachusetts that it had experienced a data breach in which sensitive personal identifiable information and protected health information in its systems may have been accessed and acquired. According to the breach notice, on or around November 11, 2024, Artistic Family Dental became aware of unusual activity in its network environment.¹ As a result, Artistic Family Dental launched an investigation to determine the nature of the incident.

Through its investigation, Artistic Family Dental confirmed that sensitive personal information in its systems may have been viewed and obtained by an unauthorized third party during the breach to its network. As a result, Artistic Family Dental began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. On January 31, 2025, Artistic Family Dental completed this review. As a result of the data breach, Artistic Family Dental began mailing data breach notification letters to impacted individuals.

---

Reports have surfaced that Vitenas Cosmetic Surgery, a plastic surgery clinic in Houston, may have fallen victim to a cyberattack that exposed patient information. On April 1, 2025, DataBreaches.net reported that a threat actor known as Kairos listed the plastic surgery center on its dark web leak site on March 5 and subsequently leaked what they claimed was 1.34 GB of files.

According to Data Breaches, the leaked files contained sensitive patient information, including nude photos, and internal documents concerning employees and business operations.

A post on a Russian-language forum reportedly stated that the Vitenas Cosmetic Surgery data breach exposed patient names, dates of birth, phone numbers, emails, addresses, Social Security numbers and driver’s licenses.

---

Dental Cyber Watch is sponsored by Black Talon Security, the recognized cybersecurity leader in the dental/DSO industry and a proud partner of Group Dentistry Now. With deep roots within the dental and dental specialty segments, Black Talon understands the unique needs that DSOs and dental groups have when it comes to securing patient and other sensitive data from hackers. Black Talon’s mission is to protect all businesses from the devastating effects caused by cyberattacks—and that begins with a robust cyber risk mitigation strategy. To evaluate your group’s current security posture visit www.blacktalonsecurity.com.