NEW! Dental Cyber Watch

Is your dental organization adequately prepared for a cyberattack and do you have a true understanding of your cyber risk? 

What technology and human intellect have you added to your security stack to identify your risk? 

Do you have true visibility into your cyber risk from both a technical and executive perspective?

Over the past two years, there has been a significant increase in cyberattacks targeting the DSO/DMO community, and this trend shows no signs of abating. The dental sector has emerged as particularly vulnerable to this damaging crime. Numerous small and large DSOs/DMOs were impacted by ransomware events in 2023 and some of these even made national headlines.

To foster awareness and understanding of the severity of this debilitating criminal activity, Group Dentistry Now will be featuring a new monthly article: Dental Cyber Watch.

This ongoing series will delve into various aspects of cybersecurity and business risk management, including:

  • Notable healthcare data breaches and cyberattacks
  • Analysis of cyber events and what could have been done to mitigate them
  • Examination of operational disruptions, both administrative and clinical
  • Evaluation of the impact on revenue and reputation
  • Strategies for mitigation and effective response
  • Understanding the short and long-term legal consequences of a cyber event

By offering insights and awareness, Dental Cyber Watch aims to equip the industry with valuable information to proactively address and mitigate cyber event disruptions in both DSOs and private practices.

🔦Cyber Story Spotlight

Multi-specialty DSO shuttered for weeks from sophisticated attack

In mid-October 2023, a multi-specialty DSO with 15 locations running a Cloud-based EMR system was the victim of a significant ransomware attack. 

DSO Under Siege

The first indications of the event were ransom notes and encrypted files on almost all of the 400+ computers which were discovered by employees at the DSO upon arriving at their desks. Internal IT was contacted by some of the users and the ransom notes and encrypted files were quickly confirmed to be real. 

The DSO’s executive team followed the correct first steps by immediately opening up a claim with their cyber insurance carrier and instructing their IT department to lock the network down to prevent further intrusion into the network. 

Legal counsel and Black Talon Security were brought in to assess and mitigate the attack. 

Over the next few days, they were able to identify the impacted machines, Cloud technology and EMR systems that were compromised. Additional risk mitigation strategies were also implemented to prevent further intrusion and damage to the network. 

Cyber Villians Unleash Havoc

Working with their Cloud-based EMR vendor, it was determined that the hackers were able to gain access to their data and download most of their patient records via workstations within the DSO. The hackers also installed screen sharing applications on most of the computers, which provided them with persistent access to the network.

At the end of the first week, more forensic data was collected and analyzed. 

Starting in week two the difficult recovery process began. Since all of the machines were impacted, they needed to be completely rebuilt from scratch…this included not only workstations, but numerous servers. 

The rebuilding process took an additional two weeks due to the size of the organization.

DSO Held Hostage

The initial ransom demand was in excess of $2,000,000 and the hackers provided a very detailed list of all the patient records and files they stole. The DSO made a decision to pay the ransom in order to get the decryption code to unlock their data and to mitigate the chances of the hackers publishing and selling the stolen patient and operational data. The hackers agreed to accept a payment of $1,400,000, made utilizing Bitcoin (BTC).

Unfortunately, at the four-week mark, the DSO exhausted a $3,000,000 cyber policy and was now paying out of pocket for mitigation and recovery. The DSO was “burning” through approximately $250,000 per day with almost $0 dollars coming in because all locations were still closed.

This DSO experienced a total loss of excess of $5,000,000 due to operational outages, including the inability to see patients or collect A/R, legal fees, restoration and recovery expenses, forensics and the ransom payment. The impact to their EBITDA was significant as a result of having to pay $2,000,000 “out of pocket.”

Lessons Learned

What did the DSO learn from this event? The executive team had questioned their IT department regarding the security measures being implemented. The IT team told the C-Suite that “they were covered.” The IT department was not negligent, they were simply not aware of the sophistication of modern day ransomware attacks and were missing many critical components of a strong security stack. A comprehensive defensive and offensive security stack most likely would have prevented the intrusion and exploitation of their network.

Stay tuned! In next month’s Dental Cyber Watch feature discover the long-term business consequences that many experience in the months and years following a cyberattack.

🚨Recent notable healthcare cyber incidents:

First Choice Dental Notice of Data Security Incident. FCD was the victim of a cybersecurity incident. Upon discovery of this incident, FCD promptly engaged a specialized cybersecurity firm to conduct a forensic investigation to determine the nature and scope of the incident. The investigation concluded; however, the types of information involved is currently being analyzed. FCD will be offering complimentary credit monitoring and identity theft protection services to those impacted individuals.

US Fertility Reaches $5.75M Data Breach Settlement. US Fertility (USF) reached a $5.75 million settlement to resolve allegations of negligence following a 2020 ransomware attack and data breach that impacted nearly 900,000 individuals. USF provides IT platforms and services to a network of more than 200 physicians across 100 clinic locations and more than two dozen IVF laboratories. “USF failed to take adequate and reasonable measures to ensure its computer/server systems were protected against unauthorized access and failed to take actions that could have stopped the Data Breach before it occurred,” the complaint stated. The court will hold a hearing in April to make a decision on settlement approval.

Class-action lawsuit filed against Integris Health following data breach. A class-action lawsuit against Integris Health Inc. was filed in federal court after a data breach. Patients received extortion emails from a cybercriminal group claiming the group stole data that impacted more than two million patients, according to the lawsuit. The cybercriminals said this information included social security numbers, birthdates, addresses, phone numbers and insurance information.

Dental Cyber Watch is sponsored by Black Talon Security, the recognized cybersecurity leader in the dental/DSO industry and a proud partner of Group Dentistry Now. With deep roots within the dental and dental specialty segments, Black Talon understands the unique needs that DSOs and dental groups have when it comes to securing patient and other sensitive data from hackers. Black Talon’s mission is to protect all businesses from the devastating effects caused by cyberattacks—and that begins with a robust cyber risk mitigation strategy. To evaluate your group’s current security posture visit

Have a cybersecurity question or concern that you would
like addressed in future Dental Cyber Watch articles,
please email it to