Dental Cyber Watch – April 2024

Is your dental organization adequately prepared for a cyberattack and do you have a true understanding of your cyber risk? 

What technology and human intellect have you added to your security stack to identify your risk? 

Do you have true visibility into your cyber risk from both a technical and executive perspective?

Over the past two years, there has been a significant increase in cyberattacks targeting the DSO/DMO community, and this trend shows no signs of abating. The dental sector has emerged as particularly vulnerable to this damaging crime. Numerous small and large DSOs/DMOs were impacted by ransomware events in 2023 and some of these even made national headlines.

To foster awareness and understanding of the severity of this debilitating criminal activity, Group Dentistry Now is featuring a monthly article: Dental Cyber Watch.

This ongoing series will delve into various aspects of cybersecurity and business risk management, including:

  • Notable healthcare data breaches and cyberattacks
  • Analysis of cyber events and what could have been done to mitigate them
  • Examination of operational disruptions, both administrative and clinical
  • Evaluation of the impact on revenue and reputation
  • Strategies for mitigation and effective response
  • Understanding the short and long-term legal consequences of a cyber event

By offering insights and awareness, Dental Cyber Watch aims to equip the industry with valuable information to proactively address and mitigate cyber event disruptions in both DSOs and private practices.


🔦Cyber Story Spotlight

Is C-Suite or IT Responsible for Cybersecurity?

An effective, preventative cybersecurity strategy has quickly evolved from being merely an IT issue to a critical concern that affects every aspect of a DSO. In an era where data breaches and ransomware attacks are increasingly common, the responsibility of safeguarding an organization’s digital assets extends beyond the IT team to the highest levels of corporate leadership. Here are just a few of the reasons why cybersecurity is not just an “IT Issue” but a strategic imperative that demands the attention and action of executives at the highest level of any dental organization.

Reputation and Brand Protection

A cyber intrusion can tarnish an organization’s reputation and erode patient trust. C-Suite executives, as stewards of the DSOs’ reputation, must prioritize cybersecurity to mitigate the risk of attacks that could lead to long-term damage to their organization’s brand.

Financial Impact

Cyberattacks can have devastating financial consequences, ranging from financial losses due to extortion and the loss of business continuity to indirect costs associated with remediation, legal fees, possible regulatory fines and potential class action lawsuits. C-Suite executives are accountable for ensuring the financial resilience of their organization, making investing in cybersecurity and risk management an integral part of strategic planning.

Legal and Regulatory Compliance

With the proliferation of data privacy regulations, compliance has become a significant concern for all healthcare executives. The C-Suite bears the ultimate responsibility of ensuring that their organization adheres to relevant laws and regulations governing data protection and privacy. This underscores the importance of implementing an effective cybersecurity strategy as a legal imperative.

C-Suite Should Be Leading the Charge!

Effective cybersecurity requires leadership from the top. A security-first approach that is promoted by the C-Suite helps to set an expectation for the entire company and helps ensure compliance more quickly and effectively than when an organization’s internal or external IT resource tries to mandate it. The challenge facing many C-Suite members is not knowing the questions that they should be asking their IT resource and not knowing where their existing security has holes. How do you begin to strategize and plan for this security-first approach if you don’t have the information you need to create a successful strategy? A good place to start would be to have a conversation with your IT provider. Ask them where they think that they need help or what preventative tools they’re missing to better protect your business. If their answer is “We’re Good” or “We’re Safe” then you may have a bigger problem than you think. During a recent incident response case that we handled for a mid-sized DSO, the CEO made a compelling statement about regretting not asking herself “Who Is Watching the Watcher?” She felt that their situation could have been avoided had she asked herself that question earlier.

Be Strategic!

CEOs, CTOs, CIOs, COOs and CFOs and all members of a DSO’s C-Suite team are constantly faced with difficult decisions about prioritizing where to invest money and resources. Securing your DSO and reducing its cyber risk is now more important than ever. Each of these leaders needs a clear understanding of the risks and threats facing the company and where the organization is vulnerable. Engaging with cyber risk specialists to help identify these areas and providing information on how they can be addressed allows them to cut through the noise, prioritize assets, direct the company’s investments, and support strategic business decisions.


🚨Recent notable healthcare cyber incidents:

Risas Dental & Braces learned of a data security incident that may have involved the protected health information of certain patients. On July 10, 2023, Risas, a dental and braces provider that serves patients in Arizona, Colorado, Texas, and Nevada, discovered evidence of unusual activity on its systems. In response, Risas immediately took measures to secure its network, systems, and data. Risas also enlisted the assistance of independent cybersecurity experts to conduct a forensic investigation into the incident and assist in determining what happened. In October 2023, the forensic investigation determined that certain files stored on Risas’ information systems may have been downloaded without authorization. Beginning on March 22, 2024, notice of this incident was provided to potentially impacted individuals. The information potentially involved included: name, contact information, high-level treatment information such as procedure names or notes, the initial date or dates of service, and/or insurance subscriber information.

Healthcare data breaches are piling up 3 months into the year. Individuals impacted by these healthcare data breaches at hospitals and other entities are encouraged to monitor account statements and credit reports for suspicious activity. As of the first week of March, 116 healthcare data breaches have been reported to the HHS Office of Civil Rights (OCR) in 2024, impacting over 13 million individuals. The most common breach types were hacking and IT incidents at healthcare systems across the United States. Some of the bigger breaches include: UNITE HERE, Northeast Orthopedics and Sports Medicine, Scurry County Hospital District (Cogdell Memorial Hospital), McKenzie County Healthcare System, and UC San Diego Health.

Attorneys working with ClassAction.org are looking into whether a class action lawsuit can be filed in light of the CCM Health data breach. CCM Health has begun notifying patients that its network systems were breached between April 3 and April 10, 2023, resulting in the unauthorized access of their personal data. According to CCM Health’s online notice of the cybersecurity incident, the compromised information may include names, addresses, dates of birth, driver’s license or state ID numbers, passport numbers, Social Security numbers, financial account numbers, routing numbers, payment card numbers and health insurance information. The breach may have also exposed certain medical information, including medical record numbers, patient account numbers, prescription information, healthcare provider names, medical diagnoses, diagnosis codes, treatment types, treatment locations and dates, admission and discharge dates, and/or lab results.


Dental Cyber Watch is sponsored by Black Talon Security, the recognized cybersecurity leader in the dental/DSO industry and a proud partner of Group Dentistry Now. With deep roots within the dental and dental specialty segments, Black Talon understands the unique needs that DSOs and dental groups have when it comes to securing patient and other sensitive data from hackers. Black Talon’s mission is to protect all businesses from the devastating effects caused by cyberattacks—and that begins with a robust cyber risk mitigation strategy. To evaluate your group’s current security posture visit www.blacktalonsecurity.com.


Have a cybersecurity question or concern that you would
like addressed in future Dental Cyber Watch articles?
Please email it to info@groupdentistrynow.com

