The Group Dentistry Now Show: The Voice of the DSO Industry – Episode 169


Gary Salman, CEO of Black Talon Security and Jill Dunnam, Director of Operations of Allied OMS, share their thoughts on the state of cybersecurity in the dental industry through Q2 of 2024.

Gary and Jill discuss:

  • Cyberattack trends in healthcare in 2024
  • The sharp increase in attacks targeting the dental community
  • New key security strategies & technology
  • Recent FBI warnings regarding OMS targeted attacks
  • Much more

To contact Gary Salman email Gary at

To contact Jill Dunnam email Jill at

Visit Black Talon Security –

Visit Allied OMS –

Follow Black Talon Security’s monthly Cyber Watch column here –

If you like our podcast, please give us a ⭐⭐⭐⭐⭐ review on iTunes and a Thumbs Up on YouTube.

Choose your favorite listening app below and subscribe today so you don’t miss an episode! Full transcript is also provided below. See all of our podcasts HERE.


Full DSO Cybersecurity Podcast Transcript:

Bill Neumann: Welcome, everyone, to the Group Dentistry Now show. I’m Bill Neumann. And as always, we appreciate you listening in or watching us on YouTube. As I always say, without a great audience like you, we wouldn’t be able to get great guests on our show like the two we have today. Gary Salman, who is the co-founder and CEO of Black Talon Security. You may have seen him on the show a couple of times. I think this is his third time on our show. So welcome back, Gary. Appreciate you being here today. Thank you. And for the first time on our show, we have Jill Dunnam. She is the Director of Operations at Allied OMS. Jill, thanks for being here today to talk about this important topic, cybersecurity.

Jill Dunnam: Hi, glad to be here. Thank you.

Bill Neumann: Awesome. So, Jill, if you wouldn’t mind a little bit about your background and tell the audience a little bit about Allied OMS.

Jill Dunnam: Great, sure. I’ve been with one of our founding practices for 19 years and helped to start Allied OMS. We started in 2020 and really grew quickly. We now have, I believe, 42 locations. And it was really started by doctors who had like-minded ideas and wanted to protect the legacy of their practices and really came together to say we wanted to do something different. And so I think when people realize this isn’t too good to be true. And a lot of the doctors really knew each other from residency or somehow in school or just got to know each other. It’s really almost been grassroots growth. And so it’s grown quickly. And so it’s been really special to me. I really believe in it. And so I love my job in operations. I served as a practice administrator for one of the founding practices, like I mentioned. And so I really feel like I have a heart for the operations of the practices and love to be a resource for them. And so I really care about cybersecurity. This is a topic that’s near and dear to me, and so I’m excited to talk about this. But yeah, Allied’s a really great group. I believe in it.

Bill Neumann: Thanks, Jill. Yeah, we’re really excited to get your input on how you and Allied are handling cybersecurity. Gary Salman, for the couple of people, the two people in the audience that haven’t met you before or seen the podcast, a little bit about your background and then tell them about Black Talon Security.

Gary Salman: Sure. Thanks, Bill. Pleasure to be here, by the way. So I’ve been in the dental technology space for over 30 years. I actually started my career in college writing practice management software for the OMS space. That’s how Jill and I got to know one another many years ago. And during that time, I actually built one of the very first cloud-based healthcare systems in the late 90s. That was my real wake-up call to cybersecurity. Back then, there wasn’t ransomware and we weren’t experiencing the types of cyber events we experience today. But cyber intrusions were happening back in the late 90s and early 2000s. And we actually had an attempted intrusion in 2002, and our system was able to stop it. Kind of from that point forward, I’d always been interested slash obsessed with security. How do we protect this data? How do we protect people and their businesses?

So fast forward to 2017, I said, you know what? The health care space is hurting really bad from a cyber perspective. Practices of all sizes, dental, medical, small groups, large groups are just getting crushed with ransomware attacks. So I decided to spin up Black Talon alongside a couple of folks that I’ve known for many years. One of our head security engineers came from Wall Street, another one came from Fortune 100 type companies doing security and compliance there. And we decided, hey, we need to help, you know, small and medium-sized healthcare entities protect themselves from these types of devastating attacks, you know, ransomware, data theft, things like that. So today, fast forward to 2024, we secure about 1700 healthcare entities across the world. We also secure lots of businesses outside of healthcare: banks, financial institutions, accountants, lawyers, manufacturing companies, other software companies, and actually quite a few companies that service the dental space. So in our purview, we are responsible for about 46,000 devices in the healthcare space. So we have a very significant footprint. And we service DSOs of all sizes. We have very small DSOs with a couple locations. And we have quite a few of some of the largest DSOs in the United States that are utilizing all of our services.

Bill Neumann: Thanks, Gary. So as we get into the discussion portion of the podcast, and we’re halfway through 2024 already, what do things look like in the health care space and maybe specifically dental when it comes to cybersecurity, and maybe how does that differ from 2023? Jill, I don’t know if you want to kick it off from your experience and what you’re seeing on the OMS side of things.

Jill Dunnam: Gosh, I feel like the stakes are higher. We’ve seen so much on such a big scale. I think with the Change Healthcare thing that’s happened, which I feel like everyone knows about, the volume of attacks is much greater. And I think awareness is increasing as well. I just feel like no one is immune. I just think the volume is huge.

Bill Neumann: Gary, how about you? You know, you’re looking kind of in a really high level across, you know, the dental industry and other health care verticals. What are you seeing?

Gary Salman: We’re seeing some interesting shifts. The first is a huge increase in email intrusions. So we are now actively seeing the executive teams of DSOs being targeted and their email accounts being taken over. That’s caused interference with deals. That’s caused significant wire fraud and other types of fraud within those environments because the hackers actually get into, say, the CEO or the CFO or the CEO’s email account, start firing off emails, saying, do this, do that, send this, wire this, and all of a sudden, it sends the organization to a state of chaos. The other problem is a lot of times the multi-factor authentication codes are being sent to these email accounts. So what happens is it’s not just the email account that’s being breached. Now they get into bank accounts and they start wiring money out of the DSO’s bank accounts because they set up multi-factor authentication, right? The code is going to the email, which the hacker has access to, and then they go in and execute hundreds of thousands of dollars or dollars requires, which we’ve now seen. So email intrusions are a huge problem right now.

I would say they are 10 times more prevalent than ransomware and ransomware is obviously growing. The severity of ransomware, say every single year, just gets worse, right? It’s not going away. It’s not decreasing, right? The only time we saw a drop in ransomware attacks was when the war with Ukraine and Russia kicked off and they kind of dropped off a cliff. Really didn’t exist for a few months, but they’re back in full force. The government’s doing as much as they can to try and take these organizations down. But I say it’s very much like terrorism and the drug war, they just come back. They either come back as a new brand, they change their name because their code survives, and they come back and they hit us with a vengeance. And the sophistication of the code is very significant. And the other big problem that I’m seeing, Bill, is that a lot of this malware and ransomware is evading antivirus software. So a lot of DSOs have what they think to be kind of cream of the crop or tier one antivirus solutions. Unfortunately, and we’ve seen it firsthand, this is it read it on the internet story.

We’ve seen the hackers evade this antivirus software and encrypt the entire DSO’s environment. So I think that’s one of the things we really need to dig in because the problem that I see right now is most DSOs are playing defense and they don’t have an offensive strategy. Jill and I will kind of dig into that in a little while and explain really why DSOs need to have an offensive measure. And I would say the last thing that we’ve seen, and I would hope most DSOs are aware of this by now, is a whole new form of social engineering, right? Fancy word for trickery, scam. And now the hackers are actually calling practices and getting the staff members to do things, right. So the briefing that I was on a little over a month ago with the FBI, the American Dental Association and the American Association of Oral and Maxillofacial Surgeons basically talked about a scam that impacted the plastic surgery market that is now moving into the dental market, where hackers actually call a practice, they pretend to be a patient, they convince the staff member to send the hacker an email that contains online patient registration forms. The “patient” fills them out by hand, and then emails them back to the team member at the practice, the team member opens them, he or she clicks on two links, and that executes the attack against the DSO or practice. So really, really significant change in their attack methodology. And Jill would probably back me up on this, but we know most of the staff members that are answering the phones and scheduling patients, they are helpers, right? They want to be helpful. They want to please the administrators. They want to please the doctors as well as the patients. So often it’s kind of they’re kind of an easy target for the hackers to go after, because most staff members, if they’re not familiar with this type of scam, they’re just going to do it. And that’s very unfortunate.

Jill Dunnam: Absolutely.

Bill Neumann: It almost sounds like things have really ramped up and these email attacks are really interesting. So the one thing I think I learned from just that first point is don’t have your authentication come to your email, right? For sure, definitely don’t do that. We’ve been working together since the beginning of the year, we being Black Talon Security and Group Dentistry Now, so we’ve been kind of highlighting the things that are going on in dental and in the healthcare space in general. So we have a column called CyberWatch Monthly Column, and we’ll drop links to the past couple of issues of that to make sure that you stay on top of things. And it’s just amazing the activity that we see as we kind of track some of the news stories. And these are the, and they always lag behind. So there’s, you know, there are things, and eventually they have to disclose them. So we feel like we’re always a little bit behind, but the activity’s really ramped up. So CyberWatch, we’ll make sure we drop those in the show notes. So sharp increase, but it feels like it’s targeting the dental community. And Jill, do you have any thoughts on maybe why that is?

Jill Dunnam: Yeah, I do really feel like, and this kind of goes on what Gary was saying about the team members wanting to be helpers, I feel like the dental industry is really a trusting industry all the way across. You know, general dentists, oral surgeons, all the specialties who are built on relationships with people and not necessarily advanced in certain technologies, and some of the general dentists that a lot of our oral surgery offices work with, they still are slow to come to encrypting emails, and our oral surgery practices have to really work hard with our referring offices to say, hey, let’s get some encryption on those referrals you’re sending over. And so it’s sometimes slow to change.

And some other industries, they’re already a lot more advanced in some of those areas than the dental world. And so again, it’s built on relationships and trust and also trusting IT providers. They have an IT person that they’re friends with or it might be their neighbor. And so I think we have to say, we want to make sure that there’s somebody watching those things rather than trusting the IT person to say, oh, I’ve got it. Your IT is good. I’ve got it safe. I’ve got all these things covered. And so we want to make sure that it’s based on real data and not just a feeling of trust, that everything’s just good. And another thing that I was thinking about is doctors are really trained about risk management from a clinical perspective. And that’s really ground into them from, you know, we want to avoid lawsuits. We want to make sure that we’re taking good care of patients. And I think also in oral surgery, there’s another element, you know, and at Allied OMS, we have training that’s extremely robust. We have such great practices. Our teams are excellent at taking care of patients from a sedation standpoint, making sure that they’re all really trained on all of our sedation practices and recovery and emergency protocols. That’s something we’re really proud of.

And so, again, from a risk management standpoint, are we really ready for whatever scenario could happen? But that’s, again, a clinical perspective. But I think we need to switch our mindset to what are some of the other risks that we have? And we don’t have a risk management mindset from a technical perspective. Again, I think we go back to this really trusting mentality of here’s my specialty. I’m going to trust my IT guy on all the IT things. And we’re not verifying some of those things. And so I want to talk about, you know, third party audits. I think we could talk about that, you know, further down in our conversation. But I think we need to think about risk management from all the angles.

Bill Neumann: Yeah, thanks, Jill. And I mean, obviously, there’s a lot of value in those patient records, right, Gary? So, I mean, that would be one obvious reason they would target the industry. And I forget what, I’m sure you have the value of each patient record. I remember you on a previous podcast, Gary, kind of talking about what, you know, what the value is of each one of those records. But talk a little bit about that and maybe some other reasons.

Gary Salman: Yeah, look, I think the hacking community is well aware that when they attack a health care entity, they’re going to get paid. Right. If you look at what most of the leading law firms that specialize in compliance, especially related to health care, when we get on the phone calls with these law firms and we’re in the middle of a ransomware event or theft of patient data, most of the time, what the law firm will advise, not always, they’ll say, listen, even if you have a backup, the fact that the hackers have stolen all your data, you need to pay them to make sure that this data is not sold on the dark web, released on the dark web, used for nefarious purposes. Doesn’t mean that the hackers won’t do it, but usually if you pay them, they will honor their word, right? Kind of like that honor amongst thieves. So the big problem that I see is really what’s called the double extortion methodology, which basically means that not only do they encrypt or lock all of the data on your servers and workstations and cloud technology, they also steal it. Right. And now they know, hey, we got you right.

We now know this DSO is going to pay us the three million dollars in ransom because we walked away with a million patient That’s a huge problem. And then the other thing that we are seeing firsthand is the triple extortion methodology. Basically what happens here is not only do they encrypt your data, steal your data, but now they start contacting your data. Just wrapped up a ransomware event recently where the hackers literally got all the doctor cell phone numbers, the accountant’s phone number, the CEO of the DSO and created an anonymous Google phone number. And every hour on the hour for days, we call those folks demanding that they pay the ransom. And then they started calling the individual practice locations. And then in an attack just prior to that, they’re actually calling patients. So I think a lot of DSOs and executive teams don’t realize how significant of an event these attacks are and how the hackers will always continue to ramp up their methodologies in order to ensure that they get paid. So that’s a big problem right now. And I hear a lot of executive teams say, well, we’re in the cloud or we have multiple backups, so we’ll be OK. And I always say that’s not the problem. The problem is they’re going to get your data. They will persist on your network for weeks till they figure out how to get the data, whether it’s in the cloud, in a cloud EMR system, on your own servers, you know, in Amazon Web Services and Microsoft Azure, right? All the places that DSOs are kind of, I’ll do air quotes, kind of like securing or hiding their data. The hackers. I see it almost every time because they know they’re not going to get paid, most likely if they don’t stay That’s a significant challenge right now.

Bill Neumann: Okay, so we’ve got this increase in attacks. The attacks are much different, right? You talked about the email intrusions as well this year. So let’s talk about some key items that, you know, DSOs really of any size, because you talked about it before, Gary, this isn’t just for the large groups out there. This is happening to solo practitioners, smaller doctor-owned and doctor-led groups as well. So what should they be aware of when it comes to security in 2024? And, you know, either Jill or Gary, whichever, who wants to start the conversation there?

Gary Salman: I mean, you can often fill in. I think Jill actually said it already. I mean, she nailed it. You have to be data driven. You run your practice, your group, your DSO, utilizing data for almost everything you do. But when it comes to security, what I often come across when I talk to executive teams or owners of groups is this statement. work, we’re fine. I trust my IT folks. They told me we’re secure. And then what I always say is, where’s the data to back that up? Right? How do you know you’re secure? How do you know how you’re doing over time? Are you more secure today than you were six months ago? Are you less secure? If I said to you right now, are your firewalls properly configured? Are there any open vulnerabilities on those computers, servers, laptops, firewalls, devices? These are all questions that you have to have, because an individual like Jill, she has to make data-driven decisions. And by just having an IT resource, whether it’s internal or external to the DSO, just tell you that we’re good, that doesn’t work anymore. Because in the end, the executive teams, right, for instance, Jill and her executive team, they’re the ones that are going to have to answer to state and government agencies when there is a breach. So yeah, so Jill, if you want to talk a little bit about, you know, some of the things that you see, from your perspective, I think that’d be great.

Jill Dunnam: Yeah, I think, you know, to be able to get buy-in from our financial team, even on expenses or risk. Before we had, which Allied OMS uses Black Talon just for background, but before we had that, you know, we really didn’t have insight into what our gaps were. And I think it’s so much better to be doing something than, you know, just guessing. And I think you’re never going to have an airtight system where everything’s perfect. But, you know, I think, how do they say it? I think someone at Black Talon, Josh, would use an example of a parking garage. Somebody wants to come in and steal something from the cars there. First, they’re going to start trying all the doors to see what’s unlocked. And I love that example because they may not start breaking windows. First, they’re just going to try all the doors. And if they find something unlocked, they’re going to find something they came for and leave. And so at least lock your car, you know, do something. And I think, you know, we can start with the things that are the worst. And then once we resolve that, then do the next thing and the next thing. And then Microsoft may have an update and some things are going to break. And then we start addressing those, you know, that’s always a moving target. But with the dashboards that Black Talon has, we have visibility into the things that need correction or computers that need to be upgraded, and then all of a sudden, you know, another operating system starts approaching end of life and we see that and we can start planning for replacement and things like that. So having visibility allows me to create buy-in with our financial team and start budgeting and things like that.

So we need to have that. Also training awareness, you know, training is something so important that, you know, the human element to what’s happening with ransomware, you can have some really great offensive and defensive software. But when you have people that don’t know what they’re doing, just like the example that Gary shared about, you know, somebody calling saying, hey, can you help me with this and do this? Or can you remote me into the system? Because I’m part of your IT company or whatever, you know, things that happen. You really have to have that training element. And if you don’t have your, your IT company is so overwhelmed and they’re busy trying to, you know, manage your IT and they’re not staying aware of the things out there like a company like Black Talon, where they’re up to date with what’s going on with the FBI and aware of the news and really staying, you know, your ear to the ground on what’s coming. They can, you know, there was one incident that happened. They, within 24 hours, had recorded a video of what was happening and kind of gave the scenario. It was a really short clip. They sent it to me and we sent it to all of our practices to say, hey, this is a new thing that’s coming. Be aware of it so that you know what people might try to do. And it was, you know, something unique. And I would be exhausted trying to think of the different ways that the bad guys would try to, you know, attack us. That’s exhausting to think that way. They get so creative. But we were able to send it to our practices so they could be on alert. And a bunch of our practices said, oh my goodness, this is great. And so it just brought awareness. But anyway, so that dashboard gives us visibility. And so we’re able to do something and continue having that moving forward progress.

Bill Neumann: So yeah. That’s great, Jill. Do you feel that because we’ve got this turnover in the industry, right? I mean, we talk about this HR crunch. I mean, is that a big issue because you have new people coming in that need to be trained and things are changing so rapidly with cybersecurity? So you focus on training. What does that look like? Is Black Talon providing training for you? Do you have your own internal training? Is it a combination of the two?

Jill Dunnam: I’ll speak to that. So it is a combination. We like to do internal training and, you know, also when there’s news that comes out again, like the one I mentioned, the video that they recorded, or also if there’s an event that happens, we leverage that anytime we can to bring awareness. And clinically, I mentioned risk management, we use those two, like closed claim summaries with OMS National Insurance Company, or, with general dentistry, Fortress is another big insurance company. If there’s a case that happens, share that with the team so they can be aware of something that happened. It’s kind of interesting, but you wouldn’t know how risk could happen. And so if they’re thinking that way, it helps them to be aware. Same thing for cybersecurity. So when something happens, you can leverage those scenarios as a teaching moment to say, hey, guys, there’s a big attack coming around. Let’s use this to double down. And I think when you have a manager at a location, they’re like, oh, my gosh, yes. And we just hired somebody. And I forgot we didn’t add them to the list to get that training out for them. So I think it’s really good to use those newsworthy moments to send out an alert to everyone across your organization. And then it kind of is a good reminder and it gets attention because otherwise if you just have like a monthly, hey, don’t forget to check your dashboard or something. I think it just makes it a little more exciting, I hate to say, but it also teaches people in that way. Also, I’ve had really good feedback, and this is good for you to hear, Gary. I’ve had good feedback from our team when they’re like, the training’s not boring. So that’s good to hear. But it’s nice to be able to see the dashboard on who’s completed it and who hasn’t. But it’s federally required that people in health care take the cybersecurity training, and they have proof of it. So it’s good. We appreciate it.

Bill Neumann: Yeah, I know Black Talon always tries to have some fun with the training and, you know, the whole, you know, superhero genre they kind of have is really cool. We enjoy it. You’re right. You make cybersecurity fun and entertaining, which is good. You were talking about news, Jill. And so a couple of weeks back, there was that big FBI warning, and they mentioned this focus on OMS. So talk a little bit about that and kind of how you dealt. I’m sure you shared that with your team, but what has Allied really done to really kind of focus on that?

Jill Dunnam: Yeah. So, and I probably jumped the gun in sharing about that. That was the one that when OMS had a big focus, that was when Black Talon recorded the video. And so we quickly got that out to our teams to make sure that they were aware of what was going on. And so we sent that out to every practice and we said, share this with your teams. And so that was a very short time period from when the announcement happened, Black Talon recorded the video and made awareness. And from that, we got it out to our teams and we had an amazing response across our organization. So I was pretty impressed with the turnaround on that. And so we haven’t had any issues at our practices just because they were alerted to it right away.

Bill Neumann: So, Gary, what was in this video? Can you talk a little bit about it?

Gary Salman: Yeah, so that was kind of what I alluded to at the beginning, but that’s where a hacker calls up the practice, pretending to be a patient and wanting to fill out online patient registration forms. And they claim like, hey, your website’s not working properly or I’m not computer literate. Can you just email me the forms so I can fill out my health history and all of that? And then the hacker basically waits a couple of hours, pretends to fill out the forms, calls the practice back, asks for the same person that they spoke to a few hours ago, emails them the file back that is supposed to contain their health history and new patient registration forms, and then gets that person to click on a link in the email that they just sent. It directs them to a website that looks like a legitimate file download site, call it Dropbox or ShareFile, and then the employee clicks on that second link. And then when they click on that second link, the hacker’s payload downloads into their system and executes the attack. So basically what you have is you have an employee within the practice executing the attack for the hacker and the hacker does nothing. You just had to convince that person on the phone to do two things, or really three things. Send them the forms, receive the forms, then click on links. That’s how quickly that attack can be executed. And unfortunately, this type of attack often evades email filters, email security, as well as antivirus.

Bill Neumann: We talked a lot about training. What specific technologies and tools should a DSO or solo practitioner have really to combat these intrusions? Gary, if you want to kind of kick that off, what’s out there? I mean, you obviously can offer support and services, but what should they be doing?

Gary Salman: Yeah, so I think you really need to think about this from a defensive and offensive perspective. So most practices and DSOs have been running defense for years, right? They have the firewall, they have antivirus software, but kind of the gut punch that I think hits most executive teams is: every ransomware case we do, guess what they have? They have firewalls, they have antivirus software, and all of a sudden, like, how did we get ransomware? We have, you know, state of the art firewalls, we were told we have the best antivirus software, we still got it. Hackers can defeat these technologies sometimes extremely easily. Often they are bypassed because they are misconfigured by the IT resource. So from a defensive perspective, you have obviously firewalls, you have antivirus software. From an offensive perspective, what you really need to add, and I find that probably 90% of all DSOs, regardless of size, do not have an offensive game. They just have defense. From an offensive perspective, what you need to be doing is, first of all, be data-driven. So just like Jill talked about, data doesn’t lie. You can’t argue with it, right? Your firewall is or isn’t configured properly. You have vulnerabilities on your firewalls or you don’t have vulnerabilities on your firewalls. Now there’s different severities of firewall vulnerabilities, but a vulnerability on a firewall is a defect in your outer perimeter, which means that defect could result in a breach. So in order to have a strong offense, you need to test your technologies. So every single day, your firewalls need to be tested by a third party, where they’re basically launching cyber attacks against these firewalls to see if they’re going to withstand an attack from a hacker. Did someone open ports? Did someone misconfigure the firewall? Is the software on the firewall vulnerable?
Even some of the best firewall companies in the world constantly push patches to their firewall software because hackers figure out a defect in their software. So test your firewalls every single day. The next thing is penetration testing. So I recommend at least twice per year, your entire external perimeter, right? All of your firewall, firewalls or anything internet facing, there should be an external penetration test conducted against those firewalls, right? That’s done by an ethical hacking team, where the ethical hackers assume the role of a cyber criminal, and use the same techniques and tactics that a hacker would use. And they try and break into your office. And if they’re successful, then a meeting’s called with your IT resources, internal, extra resources and changes are made to try and prevent that intrusion. So that’s that’s the next strategy. The next tool that I rarely see being used in DSOs is what’s called a vulnerability scanner. Think of this as a tool that detects weaknesses in a computer, such as a server, a workstation, a laptop, a tablet, or a printer, a fax machine, IoT devices like that smart TV hanging on the wall. And what these vulnerability scanners do is they wake up every four hours, They scan the devices for known vulnerabilities, and they report that back to, for instance, our dashboard. Our dashboard would instantly analyze it, warn you of the risk, give it a risk score, and then either automatically fix it, right? So we have technology now that not only identifies the risk, but can fix it. Or if you’re not utilizing the autonomous remediation, it tells your IT team how to fix it. So the big challenge we’re seeing right now is in a seven-day period, hackers can identify vulnerabilities and they can build toolkits to exploit the vulnerability. Typically, what happens with these toolkits is the device is like, oh, I don’t need a password, come on in, right? 
They build a tool that allows the computer to give up access because it has a vulnerability in a piece of hardware or software. So real-time vulnerability scanning is a must-have. I’ve heard some executives say, oh, well, you know, our IT resources scan our machines once per year. What I say is you’re literally burning that money. Whatever you spent on that, put it in a fireplace and just light the dollars up. Because every day there are tens and sometimes hundreds of new vulnerabilities that come out. So if you’re not doing this real-time vulnerability scanning, you’re failing. The next thing that you really need to do, and Jill talked about this a lot, is training. You have to do cybersecurity awareness training. It has to be a comprehensive process and training program. It can’t be like, hey, let’s buy pizza and talk about not clicking on things. That’s required under federal law as part of being HIPAA compliant. Another good technology, which is a little more on the defensive side, is you need to leverage AI-based antivirus and threat detection software. The two best products out there right now are SentinelOne and CrowdStrike. But most importantly, these need to be monitored 24-7, and they need to be monitored by security engineers. And these people should be in the United States. The big challenge that I see with a lot of DSOs is they do go out and buy these types of products. They put them on their network. They’re not configured properly. They’re not monitored 24-7. The hackers figure out the misconfiguration, are able to get around the AI technology, still hit your network. Or the AI starts screaming at 2 o’clock in the morning and your IT team, either internal and/or external, is sound asleep. So those are some of the things that really, really need to be in place.
And then all of this information has to be passed to a dashboard so that a CEO, a CFO, a COO, even board members can take a look at this data and say, OK, we’re doing really well or we got some problems. And one of the other things is benchmarking yourself. So our platform will actually show you from a security perspective, how you compare to, you know, thousands of other DSO locations across the US. So you can say, oh, great, we’re below the line, we’re doing a really good job, or oh, we’re way above the line. Why do we have twice the amount of risk as every other DSO? Clearly, we’re doing something. So anyway, that’s typically the types of technologies that I want to see and cybersecurity experts want to see in these environments. Strong offense, strong defense. Most importantly, you have to separate IT from cybersecurity. The folks doing IT shouldn’t be doing cyber. The guys and women doing cyber shouldn’t be doing IT. It should be done by two different entities, right? So you get that true transparency. Because what I say to everyone is, as anyone, you know, if you’re an executive or the owner of a group, has anyone sat down with you and handed you a piece of paper and just said, here’s where we suck. Here are all the problems we have with our security. And you know what? I’ll ask that to 100 people and like one person will raise their hand. And I even question like, did you understand what I asked or not? But anyway, I think this is a big, big problem right now. And Bill, I mean, you know, some of these attorneys, and you probably heard them speak as well. Most of them are starting to really advise their clients that you have to have a separate company for security, because you have to be held accountable by someone else versus your internal people or your manager.

Bill Neumann: Well, that leads into a question for Jill about separating IT from cybersecurity, because I think you’re right, Gary, you kind of mentioned this in past podcasts where, hey, we’ve got an IT department, so we’re good. Like IT’s got that handled. But Jill, you’ve separated out IT from cybersecurity. When did you do that? And how’s that working out for you? Kind of take us through that process.

Jill Dunnam: Yeah, pretty early on we engaged Black Talon and we at Allied OMS, we have several different managed service providers for our individual practices because we have x-ray machines that require boots-on-the-ground support and long-term relationships there. But Black Talon allows us to have visibility into the status of how those are doing. So like I mentioned, that dashboard is really helpful. But in the financial world, people who are serious about their money have third-party audits. And the same thing goes for your IT and your computer security. And I think, you know, an IT provider might say that they’re good, that they’re fine, but you don’t know what you don’t know. And so if you’re serious about it, then you would open your doors to say, hey, let’s check and see. And so I feel like those IT providers that are genuinely open and are sincere about wanting to find out where their vulnerabilities are, they welcome the relationship there. It’s a partnership towards excellence, and there’s accountability in that. And so we feel like we have some really great IT groups who have said, you know, yes. And so when a vulnerability is found by Black Talon, then they work together to resolve it. And sometimes those IT groups say, hey, we weren’t aware of this. And the team at Black Talon is great about supporting the IT provider and saying, yeah, here’s some fixes that we’re aware of. And so they’re wonderful at being hand in hand on those things. But, you know, just like Gary said, how often is it that somebody would tell you exactly how they suck? Like, that’s uncomfortable. It’s almost a conflict of interest. You know, people aren’t going to tell you their shortcomings very comfortably. And we’d like to think that people would do that. But I think it’s also a very difficult thing to do. It would be easier for them to just try to fix it. And we hope and trust that they would do that. But I think a third-party audit in that way is good.
And I think another way to say that is we really do need somebody to watch the watcher when it’s something so vitally important to our business and our ability to continue doing business successfully. So it’s pretty vital.

Bill Neumann: Thanks for that, Jill. As we start to wrap up this podcast here, I’ve got to ask this question and you can both answer it. I’m sure, Jill, you see and work with other peers, other DSOs, and kind of have an idea of what they’re doing. And Gary, again, has a little bit higher level across some other healthcare verticals as well. But we talked about this for years. It’s always been reactive. So if something happens and then, oh, we’ve got to scramble and do something. And at that point, it’s almost too late. Are we seeing DSOs become more proactive when it comes to cybersecurity? Everything that’s happened in the past six months, you know, even nine months back, if we kind of go back to some other incidents, I mean, what are you, do you think we’re seeing a change from, you know, reactive to proactive? Jill, what do you think?

Jill Dunnam: I don’t know. I can’t speak for other DSOs specifically, but I think I’m part of an organization of other oral surgery groups that are primarily private practices, and I’ve connected to other administrators that I’ve known for years. And I do feel like, as we talked about at the beginning of this podcast, awareness is definitely heightened because of just all the things going on. So I do feel like the trend has been, how can we be more aware with our teams and training? So I do feel like that’s escalated. Gary works with so many DSOs. He could probably answer that on the DSO level. What do you say, Gary?

Gary Salman: So I agree with you 100%, whether it’s a small practice or a large DSO, the level of attention that cyber is getting right now is unprecedented. Change Healthcare flipped our entire world upside down. And Jill, you probably have colleagues that still aren’t processing electronic claims to this day with certain platforms. So I think that created awareness. I also think that what tends to happen is sometimes you make some small incremental changes, and then it’s out of sight, out of mind, back to, you know, growing EBITDA, back to treating patients, acquisitions, and things like that. And then all of a sudden, something happens, and I’m like, oh my God, you know, we got to go deal with this again. Until it happens to the DSO, God forbid, and then all of a sudden, you know, kind of as Bill said, then it’s a reaction, right? So I say that almost every cyber event that we’ve seen, and we’ve done hundreds of cyber events, have all been prevented. And there are some really, really strong methodologies and tool sets out there and technologies that can prevent the intrusion. And if that fails, at least minimize the damage. I feel that one of the big problems that I see is the Kool-Aid drinking of tools. And this is propagated directly from the firewall companies and the antivirus companies. They basically pour the Kool-Aid down the IT companies’ and the IT resources’ throats and be like, this will stop ransomware, this will prevent intrusions, this will get you back up and running in 15 minutes. And everyone kind of just bets the farm on that. And then all of a sudden they get hit with ransomware. And, you know, a company like ours, an incident response company, a law firm will say, listen, you guys are going to be down for two to four weeks. And then they’re like, well, hold on, we just bought the latest tools. How did this happen?
So one of the things and the best recommendation that I give, it’s not just about the tools, it’s about the humans behind the tools and making sure that they’re managed and configured properly. So I do say that with proper proactive prevention, you can put your DSO in a really good place from a protection standpoint. You have to think bigger and you have to understand, and Jill said this, um, the attack methodologies change, right? And you have to stay on top of this stuff. And if you’re not staying on top of it, you will think you’re protecting your office and your group and your DSO, you know, and then your front doors and your back door are locked. The hackers are going to come in and smash the side window and get in. So think differently, be absolutely proactive about security, have this third party come in and make sure, you know, on a daily basis, you’re right in tight and your doors and windows are all locked and your people are trained, et cetera. So that’s really the best advice that I can give.

Bill Neumann: And it’s a great way to wrap things up. Gary, if people want to find out more about Black Talon Security or they want to contact you, how do they do so?

Gary Salman: Sure. Yeah, you can visit us at I also suggest find me on LinkedIn. I have thousands of followers there and we’re constantly posting some really great content, not only about dental and medical and general security, but personal security as well. And you can also call us at 800-683-3797. Reach out to us that way. Thanks, Bill. I really appreciate the time. Thank you, Jill. You did great as always.

Bill Neumann: Oh, yeah. And Jill, if people want to contact you, can they find you on LinkedIn and how do they find out more about Allied OMS?

Jill Dunnam: Yep. Our website is and feel free to reach out to me on LinkedIn as well. That’d be great.

Bill Neumann: Excellent. We’ll put all that contact information and the URLs for Black Talon and Allied in the show notes. But yeah, great, great conversation. It’s amazing how things have changed in the past six months. We appreciate the update and also make sure you are following the CyberWatch column. It’s out every month on Group Dentistry Now. We appreciate Black Talon’s support, educating the industry on these ongoing changes with cybersecurity. So until next time, this is the Group Dentistry Now show and I am Bill Neumann. We appreciate you watching and listening in today.
