Top 5 Ways That Dental Practices Get Hacked

It shouldn’t come as a surprise at this point that hackers are increasingly targeting dental practices with sophisticated ransomware attacks. All practices are attractive targets for criminals due to the vast amount of sensitive patient data they possess, including financial information, Social Security numbers, names, and addresses. This information is highly valuable on dark web marketplaces, where it can be bought and sold for various malicious purposes, such as financial fraud and identity theft.

Here are the top 5 ways hackers successfully breach dental practices:

  • Phishing attacks: Hackers use convincing emails, messages, and now even phone calls to trick dental practice employees into revealing sensitive information, such as login credentials, which allows them to gain access to the network. Sometimes the click alone is enough to launch damaging ransomware onto a network without the target giving up any sensitive information. It’s been said that up to 99% of all ransomware attacks are the result of hackers successfully socially engineering their targets. While this is certainly the most common method that hackers use to target practices, data from the insurance industry and from companies that provide “Incident Response” services puts that number closer to 65% – 70%. (Training your team on cybersecurity awareness significantly reduces the likelihood of your business falling victim to this type of attack.)
  • Network vulnerabilities: Exploiting weaknesses in dental practice networks is the 2nd most common way that criminals breach practices. Vulnerabilities exist on every dental network and come in many forms. Some examples are outdated or unpatched software, open ports (often left open by accident), and firewall misconfigurations. Implementing an ongoing vulnerability detection and remediation strategy is a key part of any preventative cybersecurity strategy. (Annual and quarterly scans are no longer sufficient.)
  • Weak passwords: Easily guessable or default passwords can allow hackers to gain access to dental practice systems and data. Also, never keep password lists in a document on your systems or write passwords down. (Utilize a password manager to share credentials among users who may need to access portals with shared logins, and always use strong passwords.)
  • 3rd Party Company Access: Outsourcing services has become a vital and necessary part of daily operations for most dental practices. IT companies, billing companies and 3rd party RCM companies are all important services that many dental practices utilize daily. 3rd party providers that have weak security measures in place represent a risk to their clients. (Only work with 3rd party companies that can provide you with a copy of a 3rd party risk assessment that they had performed against themselves.)
  • Supply chain attacks: Hackers may target dental practice suppliers or vendors, such as EHR / EMR software providers, supply companies, etc., to gain access to sensitive information or to their clients’ networks. Hackers can also disrupt the business continuity of supply chain clients by disrupting the continuity of the supply chain companies themselves. The financial strain that the Change Healthcare attack caused for tens of thousands of practices is a perfect example of this type of attack. (See the suggestion above for minimizing 3rd party access risk.)

The consequences of a hacking event can be devastating to any practice or DSO. According to the U.S. Department of Health and Human Services, the dental data of over 88 million people was exposed in the first 10 months of 2024. To mitigate these risks, dental practices must implement robust cybersecurity measures, such as regular vulnerability scanning with fast remediation, using strong passwords, and providing employee training on cybersecurity best practices.

Additionally, all healthcare organizations should consider investing in cybersecurity insurance and developing incident response plans to quickly respond to hacking incidents. By taking these steps, practices can significantly reduce their risk of being hacked and better protect their sensitive patient data and the continuity of their operations. It is past time for all DSOs to focus on preventing hacking incidents and responding quickly and effectively if an incident occurs.


🚨 Recent notable healthcare cyber incidents:

Hapy Bear Surgery Center has agreed to pay $607,500 to settle a proposed class action lawsuit filed over a data breach that targeted the dental clinic in December 2023. The settlement covers more than 109,000 people whose personal identification information was stored in Hapy Bear Surgery Center’s systems at the time of the December 27, 2023 cybersecurity incident and who were impacted by the data breach.

According to the class action lawsuit against Hapy Bear Surgery Center, the dental clinic failed to take proper steps to protect the data in its care, which led to the exposure of names, addresses, medical information, health insurance details, Social Security numbers and driver’s license numbers. The court granted preliminary approval to the Hapy Bear Surgery Center settlement in October 2024, and a final approval hearing is set for February 24, 2025.


Amergis Healthcare Staffing, Inc. recently experienced a data breach involving unauthorized access to its email accounts. The incident, which potentially exposed the personal information of 11,329 individuals, was identified when Amergis detected unusual activity within its email environment.

According to a report provided to the Texas Attorney General’s Office about the Amergis Staffing Healthcare data breach, the compromised personal information may include individuals’ names, addresses, Social Security numbers, driver’s license numbers, medical information, health insurance details, and dates of birth.

In response to the breach, Amergis has taken steps to secure the email accounts, engaged third-party experts to enhance data security, and is now notifying individuals who may have been affected by the incident.


Community Health Center, Inc. (CHC), which provides medical, dental, behavioral and school-based health care services throughout Connecticut, recently experienced a data breach involving unauthorized access to its computer systems on January 2, 2025. Upon detecting unusual activity, Community Health Center engaged cybersecurity experts to investigate and strengthen its systems’ security. The investigation revealed that a “skilled criminal hacker” infiltrated the company’s systems and potentially accessed sensitive data.

The Community Health Center data breach reportedly affected 1,060,936 people, including current and former patients, people who received COVID tests or vaccines at a clinic operated by CHC, and guarantors or people who provided insurance for patients.

The types of information compromised in the breach varied by individual but may have included names, birthdates, contact information, demographic details, diagnoses, treatment details, test results, medications, vaccine information, Social Security numbers, and health insurance information. Community Health Center is sending data breach notices to affected individuals specifying what types of information may have been exposed.


Dental Cyber Watch is sponsored by Black Talon Security, the recognized cybersecurity leader in the dental/DSO industry and a proud partner of Group Dentistry Now. With deep roots within the dental and dental specialty segments, Black Talon understands the unique needs that DSOs and dental groups have when it comes to securing patient and other sensitive data from hackers. Black Talon’s mission is to protect all businesses from the devastating effects caused by cyberattacks—and that begins with a robust cyber risk mitigation strategy. To evaluate your group’s current security posture visit www.blacktalonsecurity.com.


Have a cybersecurity question or concern that you would like addressed in future Dental Cyber Watch articles? Please email it to info@groupdentistrynow.com

