Dental practice owners may assume that cyber criminals focus on larger corporate targets in finance and manufacturing. The numbers, however, tell a different story. Currently, the health care sector accounts for 32% of all recorded data breaches, which is almost double the number of breaches occurring in the financial and manufacturing sectors, according to a 2024 report issued by IBM and the Ponemon Institute.
And cyber incidents are not only happening more frequently but are also becoming more expensive. Reports of health care data breaches increased by 89% between 2019 and 2023 — with the average cost of a health care data breach reaching $9.8 million in 2024.
“It doesn’t matter how large or small your dental practice is,” said Teresa Pichay, CDA’s regulatory compliance analyst. “If you have a vulnerability in your system and the bad actors find it, whether it’s a human or technical vulnerability, they will take advantage of it.”
Pichay has answered CDA members’ questions about HIPAA, cyber incident response and other regulatory compliance matters for more than 29 years. She and CDA’s team of expert analysts also create content and educational programs specifically for dentists based on dentistry news and trends and their conversations with member dentists.
The Cybersecurity Toolkit, published May 14, is the newest resource.
Cybersecurity toolkit for dental practices: Prepare, respond, recover
“Cybersecurity isn’t often the first thing on a dentist’s mind when running a practice, but ignoring it can lead to HIPAA violations, ransomware attacks, losing access to patient records and other serious problems,” Pichay said. “The good news is that you don’t need to be a security expert to protect your practice.”
The Cybersecurity Toolkit includes the following practical checklists, response plans and step-by-step guidance to help safeguard patient data and keep the dental practice up and running:
- Top 5 Cybersecurity Mistakes Small Dental Practices Make (and How to Fix Them)
- Are Your Vendors Putting Your Practice at Risk?
- How to Choose a Cybersecurity-Savvy IT Provider for Your Dental Practice
- Cyber Incident Response Steps
- What To Do After a Cyber Incident
Ask vendors and potential IT partners the right questions
Are Your Vendors Putting Your Practice at Risk? provides a checklist of questions dentists should ask their IT providers, billing services and other vendors to evaluate the potential risks they pose.
“Although you can’t prevent every risk, you can ask smart questions, set clear expectations and choose vendors that take your patients’ data as seriously as you do,” Pichay stressed.
Similarly, when choosing an IT partner, dentists can ask the right questions to ensure the provider understands the dental practice’s unique cybersecurity needs. CDA’s resource provides examples of what a good answer might sound like.
Cyber Incident Response Steps includes a response plan that practice owners can copy and distribute to their team members, and What To Do After a Cyber Incident comes with a recovery checklist.
CDA member-dentists can sign into their accounts to start using the Cybersecurity Toolkit.