As cyber threats evolve from basic extortion to destructive warfare, Dental Service Organizations face an entirely new landscape of risk. In episode two of Dental Cyber Watch Live, Gary Salman (CEO, Black Talon Security), Brian Colao (Director of Dykema’s DSO Industry Group), Michael Friguletto (CEO, Beacon Oral Specialists), and Bill Neumann (CEO, Group Dentistry Now) unpack recent high-profile breaches and discuss how DSOs must adapt.
Watch Cyber Watch – LIVE – Episode 2:
The clear message for dental groups of all sizes: annual security checks are no longer enough. Here are the key takeaways from the discussion.
The Stryker Wake-Up Call: Destructive Attacks
The recent cyberattack on medical device giant Stryker highlights a disturbing shift in hacker motivations. Unlike financially driven ransomware, this attack utilized “wipers” designed purely for destruction.
- Total System Wipes: The attackers didn’t just lock data; they completely wiped the operating systems of an estimated 200,000+ devices.
- Rebuilding from Scratch: Recovering from a wiper attack requires significant human intervention. You cannot simply restore data from the cloud; every individual machine must be manually rebuilt and reconfigured.
- Supply Chain Impact: Even if your DSO is not directly attacked, an event at a major vendor can severely interrupt patient care and surgical schedules. You do not need to be a household name to feel the profound impact of these disruptions.
Why AI Changes the Cybersecurity Game
Artificial intelligence is rapidly accelerating the speed and scale of cyber threats. Hackers are now using AI to automate attacks, creating a volume of threats that human teams simply cannot manage alone.
- Machine Speed: While human attackers might adapt over days or weeks, AI-driven attacks evolve and execute in milliseconds.
- New Vulnerabilities: As DSOs adopt AI tools and “agentic” AI to improve efficiencies, they inadvertently create new entry points for hackers if these tools are misconfigured.
- Fighting Fire with Fire: To defend against AI-powered threats, DSOs must deploy AI-powered defenses. Human response times are no longer adequate to stop automated breaches once they begin.
Moving to a Continuous Threat Exposure Management (CTEM) Approach
For years, the gold standard in cybersecurity was a point-in-time risk assessment—a snapshot taken every few months to identify vulnerabilities. The panel stressed that this model is now far obsolete to manage cyber risk today.
The new standard is Continuous Threat Exposure Management (CTEM). Leading security firms are evaluating networks every few hours, and soon this will shift to near real-time monitoring. Because your network changes daily—with new employees, devices, and software updates—your security monitoring must be equally persistent.
The Executive’s Team’s Role in Cyber Risk
Relying solely on an internal IT department to validate your security posture is a major operational risk. Internal teams often lack the highly specialized expertise required for complex cyber defense, and they may be hesitant to report vulnerabilities to the C-suite.
To break this cycle, executives must take an active role:
- Conduct Tabletop Exercises: Do a dry run of a total system failure. Ask your team how the business will operate if all computers are turned off for a week.
- Evaluate Risk, Not Just Uptime: Shift the conversation with your IT leaders. Instead of just tracking system uptime, challenge them to present a clear risk evaluation and a strategy for deploying capital to mitigate those vulnerabilities.
- Get Outside Counsel: Just as you would hire specialized outside counsel for a major M&A transaction, you must engage independent, third-party security experts to conduct vulnerability analyses.
Protecting What You’ve Built
Cybersecurity threats are expanding faster than ever. By embracing a continuous threat evaluation model, prioritizing executive-led tabletop exercises, and understanding the new reality of AI-driven attacks, DSOs can build resilient practices that protect both their patients and their bottom line.
Is your DSO prepared to recover from a destructive cyberattack? Watch the full episode to hear key insights from these industry leaders and learn to better evaluate your organization’s current security posture before the next threat strikes.
🚨 Recent notable healthcare cyber incidents:
Medical technology giant Stryker attack wiped tens of thousands of devices but was limited to its internal Microsoft environment. All its medical devices are safe to use but electronic ordering systems went offline, and customers had to place orders manually through sales representatives. Stryker emphasizes that the incident was not a ransomware attack and that the threat actor did not deploy any malware on its systems. The company is working with its global manufacturing sites to deal with potential operational impact.
Data breaches have been reported by two entities in California. Tieu Dental Corporation has announced a July 2025 hacking-related data breach affecting an as of yet undisclosed number of individuals. The Children’s Council of San Francisco has determined that more than 12,650 individuals have been affected by an August 2025 ransomware attack.
Tieu Dental Corporation, a California-based provider of oral and maxillofacial surgery services, has started notifying patients about unauthorized access to its computer network last summer. The intrusion was identified on or around July 29, 2025, and the forensic investigation confirmed that an unauthorized third party accessed its network between July 28 and July 29, 2025.
Children’s Council of San Francisco (CCSF), a nonprofit childcare resource and referral agency, has notified regulators about a data breach impacting 12,655 individuals. CCSF identified a security breach on August 3, 2025, that caused network disruption. Assisted by third-party cybersecurity experts, CCSF secured its network, investigated the incident, and determined that an unknown hacker gained access to its network on August 1, 2025, and acquired certain data. The SafePay ransomware group claimed responsibility for the attack.
Healthcare IT firm CareCloud has disclosed a data breach incident that exposed sensitive data and caused a network disruption lasting approximately eight hours. Currently, it is unclear how many individuals are impacted. The company explained that an investigation has started to determine which types of data were accessed and/or exfiltrated.
The New Jersey-based company said in a filing with the U.S. Securities and Exchange Commission (SEC) that the intrusion occurred on March 16 when hackers accessed its IT infrastructure. CareCloud is a publicly traded healthcare IT firm that offers software-as-a-service (SaaS), revenue cycle management, practice management, patient experience management, and electronic health record (EHR) solutions.
Absolute Dental Group has agreed to a $3,300,000 settlement to resolve a class action lawsuit that alleged the dental practice chain failed to protect the private information of patients and employees from a data breach that occurred between February and March 2025. The $3.3 million Absolute Dental Group class action settlement received preliminary approval from the court on March 10, 2026. The deal covers all living, natural United States residents whose personal information was potentially compromised during the data breach, including all who were sent notice of the incident. Court documents state that approximately 1,223,437 people are covered by the class action settlement.
Dental Cyber Watch is sponsored by Black Talon Security, the recognized cybersecurity leader in the dental/DSO industry and a proud partner of Group Dentistry Now. With deep roots within the dental and dental specialty segments, Black Talon understands the unique needs that DSOs and dental groups have when it comes to securing patient and other sensitive data from hackers. Black Talon’s mission is to protect all businesses from the devastating effects caused by cyberattacks—and that begins with a robust cyber risk mitigation strategy. To evaluate your group’s current security posture visit www.blacktalonsecurity.com.
Have a cybersecurity question or concern that you would
like addressed in future Dental Cyber Watch articles,
please email it to info@groupdentistrynow.com
