Dental Cyber Watch – March 2024

Is your dental organization adequately prepared for a cyberattack and do you have a true understanding of your cyber risk? 

What technology and human intellect have you added to your security stack to identify your risk? 

Do you have true visibility into your cyber risk from both a technical and executive perspective?

Over the past two years, there has been a significant increase in cyberattacks targeting the DSO/DMO community, and this trend shows no signs of abating. The dental sector has emerged as particularly vulnerable to this damaging crime. Numerous small and large DSOs/DMOs were impacted by ransomware events in 2023 and some of these even made national headlines.

To foster awareness and understanding of the severity of this debilitating criminal activity, Group Dentistry Now is featuring a monthly article: Dental Cyber Watch.

This ongoing series will delve into various aspects of cybersecurity and business risk management, including:

  • Notable healthcare data breaches and cyberattacks
  • Analysis of cyber events and what could have been done to mitigate them
  • Examination of operational disruptions, both administrative and clinical
  • Evaluation of the impact on revenue and reputation
  • Strategies for mitigation and effective response
  • Understanding the short and long-term legal consequences of a cyber event

By offering insights and awareness, Dental Cyber Watch aims to equip the industry with valuable information to proactively address and mitigate cyber event disruptions in both DSOs and private practices.

🔦Cyber Story Spotlight

Change Healthcare’s “Right of the Boom” Shockwaves

Change Healthcare is now in the fourth week of a debilitating cyber attack, and all signs point to a protracted recovery. The ripple effect of the attack is both widespread and ongoing. Delays and complete outages in billing, prescription writing, and insurance authorizations for treatments are jeopardizing the solvency of some healthcare providers.

Ransomware gangs take credit for Change Healthcare breach

Unconfirmed reports suggest a ransom of $22 million was paid to the threat actors, traced to the notorious BlackCat/ALPHV gang, which has caused significant disruption in the dental community. The expected deletion of compromised data may not have occurred due to infighting between BlackCat and its subsidiary – the actual perpetrators of the attack – creating the potential for an even greater disaster for Change Healthcare.

Conversations with several of our DSO clients reveal that this event has had an immediate negative impact on their revenue cycles, forcing many to seek alternative solutions to maintain operations rapidly.

This incident raises a critical question: if an external breach can have such a profound impact, what could a direct attack on your DSO do?

A new normal for organizations post-attack

In the inaugural edition of Cyber Watch last month, we learned about a DSO organization paralyzed for over a month by an incident. Now, we examine the new normal for DSOs post-attack, often referred to in cybersecurity circles as “The Right of the Boom.”

A complete operational shutdown is a likely immediate consequence, especially for DSOs with more than five locations, potentially lasting 7–10 business days—a conservative estimate given recent DSO-targeted attacks. Nearly all healthcare breaches involve patient data theft, necessitating a forensic investigation. The era of quick virtual backups and temporary laptop-based operations is over: no data can be moved or accessed until the investigation concludes.

  • Attacks typically impact every workstation and server, and a complete replacement or rebuild of these devices is almost always required.
  • Engaging a cybersecurity firm skilled in threat actor negotiations and forensic investigations is crucial, though often expensive.
  • Ransom payment has become a grim necessity to recover data and to prevent information from being sold, with demands for large dental organizations starting at around $1 million.

Recovering takes a specialized approach

A HIPAA-specialized attorney must review the forensic investigation outcomes to determine if the breach is reportable. Hackers often auction stolen patient data on the Dark Web, sometimes releasing a small percentage to compel ransom payment. Certain U.S. agencies monitor these sites (similar to the LockBit site below) and may be aware of a breach before the affected organization.



Beyond the immediate aftermath, the recovery process is lengthy and expensive, potentially just the start of further troubles. DSOs should expect patient notification and ID monitoring costs, possible compliance fines, and, increasingly, class-action lawsuits due to data theft and exposure. Often, the reputational harm these events can present for healthcare entities layer on PR nightmares and the possibility of patient retention issues when not handled properly.

Today’s prevention secures tomorrow’s future

The outlook may seem bleak, but many attacks are preventable. While there’s no foolproof way to avoid cyberattacks, implementing robust preventative measures can significantly reduce the risk. In these changing times, reevaluating your cybersecurity strategy is crucial to safeguarding your revenue cycle, EBITDA, and growth plans against the consequences of inaction or outdated security practices.

🚨Recent notable healthcare cyber incidents:

WellNow Urgent Care, Aspen Dental Data BreachTAG Urgent Care Support Services, whose brands include Aspen Dental and WellNow Urgent Care, has reported a data breach affecting more than 515,000 people. According to notices sent to affected individuals, Aspen and WellNow were impacted by a ransomware attack on April 25, 2023. Following a review of files removed as a result of the security incident, the companies found in mid-December that certain individuals’ personal information may have been subject to unauthorized access. Data exposed in the breach includes full names, addresses, Social Security numbers, driver’s license numbers, government-issued ID numbers, dates of birth and medical information. Attorneys working with are looking into whether a class action lawsuit can be filed in light of the breach.

Manx Dental Surgery repoens after being closed for several weeks due to a cyber attack. The UK-based Manx dental surgery, a vital healthcare provider in the local community, has recently reopened after a significant delay caused by a takeover. This development marks an end to a period of uncertainty for the 6,600 registered patients who rely on the surgery for essential dental services. The closure had lasted several weeks, causing understandable inconvenience and concern among patients.

CDC Dental Management, Co., LLC (dba Kids Care Dental & Orthodontics or “Kids Care”) has learned of a data security incident that may have impacted data belonging to certain employees and patients. On June 17, 2023, Kids Care became aware of unusual activity that disrupted access to certain systems. The investigation revealed that an unknown actor gained access to and obtained certain data from the Kids Care network on or about June 15, 2023. Kids Care then worked with additional experts to conduct a comprehensive review of the impacted data to determine what personal information was involved. This process was completed on February 29, 2024. The personal and protected health information that may have been involved in the incident varied by individual but included the following: individuals’ names, Social Security numbers, driver’s license or state identification numbers, dates of birth, medical information, diagnosis, diagnosis code, treatment information, provider name, treatment location, health insurance information, billing/claim information, health benefit plan number, and subscriber member number.

Dental Cyber Watch is sponsored by Black Talon Security, the recognized cybersecurity leader in the dental/DSO industry and a proud partner of Group Dentistry Now. With deep roots within the dental and dental specialty segments, Black Talon understands the unique needs that DSOs and dental groups have when it comes to securing patient and other sensitive data from hackers. Black Talon’s mission is to protect all businesses from the devastating effects caused by cyberattacks—and that begins with a robust cyber risk mitigation strategy. To evaluate your group’s current security posture visit

Have a cybersecurity question or concern that you would
like addressed in future Dental Cyber Watch articles,
please email it to