As cybersecurity incidents rise in frequency and complexity, the burden of defense has shifted from the server room to the boardroom. In this first video episode of Group Dentistry Now’s Dental Cyber Watch Live (see below), Gary Salman (CEO, Black Talon Security), Shawn Manis (CIO, Chord Specialty Dental Partners), and Bill Neumann (CEO, Group Dentistry Now) discuss why executive accountability is the defining theme for DSOs of all sizes in 2026.
Watch Cyber Watch – LIVE – episode 1:
The Accountability Inflection Point
For years, cybersecurity was often treated as a siloed IT issue. However, 2026 marks a shift toward Governance, Risk, and Compliance (GRC), where security is integrated directly into business goals and patient care.
- Business Alignment: Security must align with operational priorities, such as maintaining revenue cycles and ensuring uninterrupted patient services.
- The “When, Not If” Reality: Leaders must accept that a breach is inevitable; the goal is to mitigate the impact through intentional, upfront efforts.
- Visibility as a Mandate: A primary risk for many DSOs is a lack of visibility into their external perimeters, such as firewalls and internet-facing devices.
Breaking Down Silos: Aligning the C-Suite
A common pitfall during a ransomware event is a lack of alignment between departments, leading to chaos and finger-pointing. To avoid this, successful DSOs—from emerging groups to large-scale enterprises—are moving toward a unified approach to security:
Department |
Role in Cybersecurity |
| CEO/Board | Sets the risk appetite, defines how leadership/staff need to view security, and ensures security priorities align with overall business growth goals. |
| Legal/Compliance | Bridges the gap between technical security and meeting regulatory/compliance requirements. Manages the legal steps following a security breach, reporting to regulatory bodies, and breach response to mitigate risk. |
| Operations/HR | Champions staff cyber awareness training to aid in preventing cyberattacks. Evaluates the impact of downtime on patient care and ensures payroll/HR systems remain functional. |
| IT/CIO | Integrates proactive security controls to protect data while enabling business growth. Acts as the technical expert executing SOPs and maintaining the security stack and remediation efforts, often in partnership with an external cybersecurity firm. Leads data breach forensics and technical aspects during an incident response. |
The “CPR” Approach to Incidents: During a crisis, responsibilities must be explicitly called out. Rather than a general “someone call 911,” leaders must assign specific roles—such as who handles governing body notifications versus who works with the forensic firm.
Quantifying Risk with the “Cyber Risk Rating”
Executives often find technical security data overwhelming. To bridge this gap, DSOs are adopting a Cyber Risk Rating—a metric that provides a real-time snapshot of the organization’s security posture.
- Translating Tech to Business: A score allows a CEO to quickly understand why risk might have increased—for example, due to onboarding new locations with legacy systems.
- Data-Driven Investment: Metrics provide the evidence needed to make business decisions, such as whether to invest in refreshing aging hardware or accept the current level of risk.
Proactive Maintenance vs. Reactive Crisis
Shawn Manis likens cybersecurity to car maintenance: regular oil changes and tire pressure checks prevent a breakdown on the side of the road. For a DSO, this proactive “maintenance” includes:
- Tabletop Exercises: Conducting dry runs and walkthroughs of security incident policies to ensure every leader knows their part.
- Regular Briefings: Maintaining a standing agenda item for cybersecurity in bi-weekly executive meetings.
- Vulnerability Management: Using tools like Microsoft Secure Score and specialized portals, such as EAGLEi™ by Black Talon, to track and remediate gaps daily.
Conclusion
Executive accountability is no longer optional. By fostering a culture where leadership is engaged and risk is quantified, DSOs can protect their patients, their reputation, and their bottom line from the evolving threats in 2026.
Is your DSO’s leadership team aligned when it comes to cybersecurity challenges? Schedule a consultation to learn how to bridge the gap between IT and the C-suite for a more secure future.
🚨 Recent notable healthcare cyber incidents:
A proposed class action filed in the U.S. District Court for the Northern District of Oklahoma alleges Lumio Dental failed to protect patient data, leading to a ransomware attack by the Nitrogen gang. The Salinas v. Spring Management OK LLC lawsuit claims the company lacked basic cybersecurity safeguards and did not follow industry standards, resulting in the theft of sensitive health and billing information. The plaintiff seeks to represent a nationwide class and is pursuing damages and other relief.
Issaqueena Pediatric Dentistry PA in Seneca reported a November 2025 ransomware attack in which the INTERLOCK group claimed to have stolen more than 118 GB of data, potentially including patient and employee PII and PHI. The breach was disclosed to the U.S. Department of Health and Human Services, and the practice is offering affected individuals complimentary identity protection services while its investigation continues.
360 Dental PC, based in Northeast Philadelphia, reported a data breach affecting 11,273 individuals after an unauthorized party accessed its server on Nov. 16, 2025, locking files and exposing sensitive data. Compromised information includes patient names, Social Security numbers, dates of birth, contact details, clinical and dental records, and insurance information. The breach was reported to the U.S. Department of Health and Human Services on Jan. 15, 2026. The practice has since rebuilt its systems, strengthened cybersecurity measures, and is advising affected individuals to monitor credit and insurance statements for suspicious activity.
Dental Cyber Watch is sponsored by Black Talon Security, the recognized cybersecurity leader in the dental/DSO industry and a proud partner of Group Dentistry Now. With deep roots within the dental and dental specialty segments, Black Talon understands the unique needs that DSOs and dental groups have when it comes to securing patient and other sensitive data from hackers. Black Talon’s mission is to protect all businesses from the devastating effects caused by cyberattacks—and that begins with a robust cyber risk mitigation strategy. To evaluate your group’s current security posture visit www.blacktalonsecurity.com.
Have a cybersecurity question or concern that you would
like addressed in future Dental Cyber Watch articles,
please email it to info@groupdentistrynow.com
