Why DSOs Must Prioritize Cybersecurity: Lessons from a DSO’s IT Leadership

An Insider’s Perspective on Cybersecurity for DSOs

As cyberattacks launched against dental service organizations continue to increase in both frequency and sophistication, Black Talon Security (BTS) wanted to sit down with an IT leader who works in the DSO space to gain some insight into how they view the current threat and uncover some of the challenges that they are faced with. Knowing what’s at stake and what is required to adequately protect a DSO organization is one thing. Getting budget approval and finding security solutions to fit that budget is an obstacle that many struggle to overcome.

Andy Taylor is the Senior Director of IT for Dentive, a 114-location DSO headquartered in Provo, UT. BTS recently had the pleasure of hosting a virtual interview with Andy to uncover why he made the decision to engage with a third-party cybersecurity company to help protect his HQ and all practice locations.


Why DSOs Need a Cyber Partner

BTS: What motivated you to want to work with a third-party cybersecurity company?

AT: I had a background in cybersecurity that started when I spent a number of years working for Symantec Corp and an understanding of what today’s security threat is. Yet I was also well aware that the security landscape is always changing, and threat actors are always discovering new ways to breach networks. When I was hired here, I was the only cyber, technical, HIPAA, etc. resource in the company, and I needed a partner to be my Security Operation Center [SOC]. I was only in the dental industry for two months when I met Black Talon at the ADSO conference. After a brief conversation, it was evident that you were providing the services that I needed to have in place to protect my HQ and every practice location, and to me it seemed like a match made in heaven.

BTS: Was needing an SOC your only motivation for engaging with BTS?

AT: No. I was hired specifically because one of our organization’s practices had been hit with a cyberattack. That was the impetus for me being brought on board. No one here at that time had any understanding of cybersecurity. My first assignment was doing the investigation, completing all of the required documentation, and closing out the incident. At that time, we had less than half of the partner locations that we have now, but I knew that I needed a partner to manage our cybersecurity so that I could focus on managing all of our technology and technical operations.

BTS: What were some of the things that were important to you when investigating the different security companies and tools that were available at that time?

AT: I wanted to have a centralized solution that covered all bases and areas of vulnerability. I wanted Endpoint Detection & Response (EDR) and an SOC, but I also wanted to work with a partner who was going to identify the areas of vulnerability—both technical and human—and address those areas either for or with me. I was also very sensitive to costs, as I didn’t have an unlimited cyber and IT budget.

Separation of Responsibilities & Independent Auditing

BTS: All dedicated cybersecurity companies preach the importance of separation of duties between IT and security. Not all organizations feel that separation is important or necessary. Why didn’t you rely on your existing network of MSP / IT providers to provide preventative security or ask them to add that layer?

AT: Not all DSOs are structured the same way. We are a partnership organization. We are also a business. I have to protect HQ. I also have to protect the individual businesses, and I care a great deal about our partners. To do that effectively, I needed a security partner who is completely immersed in and focused on cybersecurity. It’s not something that you can dabble in or focus on when you have time. Another big reason is that everyone should be vetted. I have to vet our partner IT companies and our partner practices. I depend on Black Talon to help me vet me, vet our third-party IT partners, and vet our individual practices. That is crucial to our success. I don’t see it as a separation: I see it as a team effort, and it works very well for us. Of course, I received some push-back from my valued IT partners in the beginning, but that initial push-back quickly went away. Those same IT partners now want to bring Black Talon into other environments that they support.

Budgeting for Improved Security Operations

BTS: Was it difficult for you to get budget approval to add a layer of security? I have spoken with many CTOs, CIOs, VPs of IT, etc. who struggle with approvals for non-revenue generating services.

AT: I won’t say that it was difficult, but it did take some work. I had to build out models and create a justification, but at the end of the day it’s the cost of doing business and is standard operating procedure in 2025. I’ll find other areas or ways to trim, but as long as my total costs stay under a certain percentage of production, then it’s a no-brainer to do what you have to do to protect the business and protect the data.

BTS: Has there been any improvement in efficiency in operations since you’ve engaged with a third-party security provider?

AT: Absolutely. We’re an MS Teams shop, and I set up three-way Teams chats between my team, the Black Talon security engineers and each of my third-party IT providers. That instant communication avenue has proven to be extremely valuable and efficient. Black Talon is able to instantly notify me and the IT vendor about any practice, provide a full list of whatever their finding is, and include the NetBIOS name so that we can all see whatever it is that caused the alert and all instantly attack that issue. That instant communication is amazing, and it’s even more amazing that this instant communication is with a credentialed CISO or CISSP. Yes, we still get an email communication so that whatever the issue was will hit our ticketing systems for tracking purposes, but we don’t have to wait for that process before addressing an issue.

Visibility Across the Organization is Key

BTS: You were one of the BETA testers for the new version of Black Talon’s EAGLEi Dashboard. Any feedback for me about it?

AT: It’s the ultimate attack surface management tool. The visibility into our entire security posture is incredible. I love that I can see where we have weaknesses at both a global level and at an individual practice level. We’re an organization that doesn’t like to leave things undone, and I love that EAGLEi doesn’t let us leave things undone. I also really, really like the new cyber risk rating scoring system.

BTS: Well, thank you, Andy, for agreeing to participate in this interview. I appreciate your feedback and your openness when discussing a topic that not too many people want to discuss. We still have so much ground to cover, but we can only fit so much into one article. We’ll have to do another one day soon and pick up where we left off.

AT: Thank you, and I want to let you know how much I appreciate the entire Black Talon team. I really enjoy working with such a solid and knowledgeable team of professionals.



🚨Recent notable healthcare cyber incidents:

Artistic Family Dental reported to the Attorney General of the Commonwealth of Massachusetts that it had experienced a data breach in which sensitive personal identifiable information and protected health information in its systems may have been accessed and acquired. According to the breach notice, on or around November 11, 2024, Artistic Family Dental became aware of unusual activity in its network environment. As a result, Artistic Family Dental launched an investigation to determine the nature of the incident.

Through its investigation, Artistic Family Dental confirmed that sensitive personal information in its systems may have been viewed and obtained by an unauthorized third party during the breach to its network. As a result, Artistic Family Dental began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. On January 31, 2025, Artistic Family Dental completed this review.

As a result of the data breach, Artistic Family Dental began mailing data breach notification letters to impacted individuals. Based on the breach notice sent to Massachusetts residents, Artistic Family Dental is providing affected individuals with a list of the specific types of sensitive information impacted. A link to the form breach notification letters that Artistic Family Dental filed with the Attorney General of the Commonwealth of Massachusetts.


Park Place Pediatric Dentistry announced that it is notifying individuals whose information was involved in a recent mobile device theft incident. On December 11, 2024, Park Place Pediatric Dentistry learned that a laptop of a team member had been stolen from her vehicle. Immediately upon learning of the incident, Park Place Pediatric Dentistry quickly engaged third-party cybersecurity experts to assess, contain, and remediate the incident. Law enforcement was also notified.

An investigation into the scope of the incident was launched to determine what, if any, information was stored on the laptop. The investigation determined that certain patients’ information was stored on the device that could be exposed to an unauthorized party, including the following categories of information: name, patient account number, date of birth, date of service, medical treatment records, and financial information related to treatment.

To date Park Place Pediatric Dentistry has received no indication that the laptop has been powered on or connected to a network. Once the laptop does, if ever, connect to a network, it will receive an automatic system wipe command. While the investigation did not find any instances of fraud or identity theft that have occurred because of this incident, out of an abundance of caution, Park Place Pediatric Dentistry is notifying individuals whose personal information was involved and providing resources they can use to help protect their information. Park Place Pediatric Dentistry is offering complimentary credit monitoring and identity theft protection services through IDX. Park Place Pediatric Dentistry also recommends that individuals review any statements they receive from their health care providers or health insurers. If individuals see any medical services that they did not receive, please call the provider or insurer immediately.


Dental Cyber Watch is sponsored by Black Talon Security, the recognized cybersecurity leader in the dental/DSO industry and a proud partner of Group Dentistry Now. With deep roots within the dental and dental specialty segments, Black Talon understands the unique needs that DSOs and dental groups have when it comes to securing patient and other sensitive data from hackers. Black Talon’s mission is to protect all businesses from the devastating effects caused by cyberattacks—and that begins with a robust cyber risk mitigation strategy. To evaluate your group’s current security posture visit www.blacktalonsecurity.com.



Have a cybersecurity question or concern that you would like addressed in future Dental Cyber Watch articles? Please email it to info@groupdentistrynow.com

