If 2025 proved anything to the dental community, it’s that size doesn’t equal safety. We saw incidents ranging from single‑site breaches to multi‑location DSOs with seven‑figure populations affected. In one high‑visibility case, a multi‑location dental group confirmed that 1.2 million+ individuals were impacted after adversaries leveraged an MSP‑associated tool/account to gain initial access—a stark reminder that convenience and centralized administration can become systemic risk if not governed tightly. Meanwhile, a Philadelphia practice disclosed that 11,273 individuals were affected after an unauthorized party locked files and potentially accessed PHI and PII—illustrating that smaller offices are just as attractive when attackers can monetize SSNs and insurance data. [hipaajournal.com] [beckersdental.com]
The broader dental/security narrative in 2025 featured ransomware with data theft, legal actions, and investigations across a spectrum of practices and vendors. Tellingly, some attacks hinged on remote monitoring and management (RMM) tooling, firewall configuration exposure, or compromised vendor credentials—vectors that shortcut traditional perimeter defenses. That’s consistent with sector‑wide analyses noting that attackers often live off the land, co‑opt legitimate tools, and pursue supply‑chain shortcuts to scale. [beckersdental.com]
Three big lessons for dental leaders
Harden your MSP and admin toolchains.
Require per‑tenant identities, phishing‑resistant MFA, and just‑in‑time privilege for any RMM/remote access solution. Log administrative sessions and alert on privileged actions (software deployment, registry edits, backup policy changes). Many 2025 compromises exploited trusted tools or vendor access rather than zero‑day exploits. [beckersdental.com]
Segment like your revenue depends on it (because it does).
Separate front‑office networks from imaging and practice‑management servers. Apply allow‑listing on critical endpoints and restrict east‑west movement. Segmentation is a top recommendation across federal guidance because it reduces blast radius when—not if—an endpoint is compromised. [cisa.gov]
Backups that can’t be bullied.
Adopt immutable, offline copies of practice‑management databases, imaging archives, and file shares; test restores quarterly. Attackers increasingly try to encrypt or delete backups, and only tested, isolated copies give you leverage in negotiation—and confidence to not negotiate. [cisa.gov]
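The first lesson asks for logged administrative sessions and alerts on privileged actions. The script below is an added example (not code from the original post or from any RMM vendor) of what that alerting looks like when run over audit log lines. It assumes a hypothetical line‑oriented log with the fields shown in SAMPLE_LOG; the field names, action vocabulary, account names and the log lines themselves are constructed for this example.

```python
"""Alerting over RMM/remote-access audit logs.

Added example (not code from the original post or any vendor). It assumes a
hypothetical line-oriented audit log with the fields shown in SAMPLE_LOG; the
field names, action vocabulary, account names and log lines are all constructed.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Privileged actions the post says should alert. Constructed event names;
# map them to the event names your RMM actually emits.
PRIVILEGED_ACTIONS = {"deploy_software", "registry_edit", "backup_policy_change"}

# Identities that look shared or generic rather than per-person, per-tenant (constructed).
SHARED_ACCOUNT = re.compile(r"^(admin|msp-shared|support|rmm)(@|$)", re.IGNORECASE)

LOG_LINE = re.compile(
    r"^(?P<ts>\S+) actor=(?P<actor>\S+) tenant=(?P<tenant>\S+) session=(?P<session>\S+) "
    r"mfa=(?P<mfa>yes|no) action=(?P<action>\S+) target=(?P<target>\S+)$"
)

# Constructed sample log: one well-behaved technician and one shared account
# working late across two tenants without MFA.
SAMPLE_LOG = """\
2025-03-01T09:00:01Z actor=jdoe@msp.example tenant=smile-dental session=s1 mfa=yes action=session_start target=pm-server01
2025-03-01T09:02:10Z actor=jdoe@msp.example tenant=smile-dental session=s1 mfa=yes action=deploy_software target=pm-server01
2025-03-01T21:15:44Z actor=msp-shared tenant=smile-dental session=s2 mfa=no action=session_start target=backup01
2025-03-01T21:16:03Z actor=msp-shared tenant=smile-dental session=s2 mfa=no action=backup_policy_change target=backup01
2025-03-01T21:17:30Z actor=msp-shared tenant=bright-ortho session=s3 mfa=no action=registry_edit target=img-server02
2025-03-01T22:00:00Z actor=jdoe@msp.example tenant=smile-dental session=s4 mfa=yes action=view_dashboard target=-
"""


@dataclass
class Alert:
    severity: str   # "high" or "medium"
    session: str
    actor: str
    tenant: str
    reason: str


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the event fields, or None for a line that does not match the format."""
    m = LOG_LINE.match(line.strip())
    return m.groupdict() if m else None


def analyze(lines) -> List[Alert]:
    alerts: List[Alert] = []
    tenants_per_actor: Dict[str, Set[str]] = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # in production, count parse failures and alert if they spike
        tenants_per_actor.setdefault(ev["actor"], set()).add(ev["tenant"])
        ctx = (ev["session"], ev["actor"], ev["tenant"])

        if ev["action"] in PRIVILEGED_ACTIONS:
            # A privileged change made without MFA is the worst case: treat it as high.
            sev = "high" if ev["mfa"] == "no" else "medium"
            alerts.append(Alert(sev, *ctx, f"privileged action {ev['action']} on {ev['target']}"))
        if SHARED_ACCOUNT.match(ev["actor"]):
            alerts.append(Alert("medium", *ctx, "shared or generic account used instead of a per-person identity"))
        if ev["action"] == "session_start" and ev["mfa"] == "no":
            alerts.append(Alert("high", *ctx, "administrative session started without MFA"))

    # One identity touching several tenants in a window means per-tenant identities are not enforced.
    for actor, tenants in tenants_per_actor.items():
        if len(tenants) > 1:
            alerts.append(Alert("high", "-", actor, ",".join(sorted(tenants)),
                                "single identity used across multiple tenants"))
    return alerts


def severity_counts(alerts: List[Alert]) -> Counter:
    return Counter(a.severity for a in alerts)


if __name__ == "__main__":
    found = analyze(SAMPLE_LOG.splitlines())
    for a in found:
        print(f"[{a.severity:6}] tenant={a.tenant} actor={a.actor} session={a.session}: {a.reason}")
    print(dict(severity_counts(found)))
```

The three checks map directly onto the controls named above: per‑tenant identities (an actor seen in more than one tenant), phishing‑resistant MFA (a session without it), and alerting on privileged actions. Feed it the real export from your RMM's audit log once you have matched the field and event names, and route "high" alerts to whoever can terminate the session.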
A 30‑day action plan
- Week 1: Inventory all remote tools and vendor accounts; enforce MFA and eliminate shared credentials. [beckersdental.com]
- Week 2: Implement network segmentation between user VLANs, imaging, and servers; restrict SMB and RDP laterally. [cisa.gov]
- Week 3: Stand up immutable backups with retention locks; perform a test restore of your practice‑management DB. [cisa.gov]
- Week 4: Run a tabletop exercise covering ransomware, patient communications, and breach notification. [cisa.gov]
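Week 2 (and the second lesson above) calls for segmentation between user VLANs, imaging, and servers with SMB and RDP restricted laterally. The following is an added example, not code from the original post or from CISA, that models such a policy as a first‑match ruleset and checks it against the flows that must be allowed or blocked. The zone names, addresses, the practice‑management application port, the admin jump host and every rule are constructed assumptions; substitute your own.

```python
"""Segmentation policy check for a dental office network.

Added example (not code from the original post or from CISA). It models the three
zones the post names plus an admin jump host, a first-match firewall ruleset and
the flows that must be blocked or allowed; all zone names, addresses, ports and
rules are constructed assumptions.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ZONES = {
    "front_office": ipaddress.ip_network("10.10.0.0/24"),   # reception/billing workstations
    "imaging": ipaddress.ip_network("10.20.0.0/24"),        # sensors, pano, imaging server
    "pm_servers": ipaddress.ip_network("10.30.0.0/24"),     # practice-management DB/app
    "admin_jump": ipaddress.ip_network("10.40.0.0/28"),     # MFA-gated jump host for RMM/admin use
}
SMB, RDP, PM_APP = 445, 3389, 8443   # PM_APP is a constructed port for the PM client protocol


@dataclass(frozen=True)
class Rule:
    src: str              # zone name or "any"
    dst: str
    port: Optional[int]   # None matches any port
    action: str           # "allow" or "deny"


def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def evaluate(rules: List[Rule], src_ip: str, dst_ip: str, port: int) -> str:
    """First matching rule wins; anything unmatched is denied."""
    s, d = zone_of(src_ip), zone_of(dst_ip)
    for r in rules:
        if r.src in (s, "any") and r.dst in (d, "any") and r.port in (port, None):
            return r.action
    return "deny"


# The flat "before": one VLAN, everything talks to everything.
FLAT = [Rule("any", "any", None, "allow")]

# The segmented "after": clinical clients reach only the PM application port,
# admin RDP comes only from the jump host, and SMB/RDP are denied everywhere else.
SEGMENTED = [
    Rule("front_office", "pm_servers", PM_APP, "allow"),
    Rule("imaging", "pm_servers", PM_APP, "allow"),
    Rule("admin_jump", "pm_servers", RDP, "allow"),
    Rule("admin_jump", "imaging", RDP, "allow"),
    Rule("any", "any", SMB, "deny"),
    Rule("any", "any", RDP, "deny"),
    Rule("any", "any", None, "deny"),
]

# Flows the policy must produce: (src, dst, port, expected). Constructed test matrix.
REQUIRED: List[Tuple[str, str, int, str]] = [
    ("10.10.0.15", "10.30.0.5", PM_APP, "allow"),  # front desk uses the PM app
    ("10.40.0.2", "10.30.0.5", RDP, "allow"),      # admins RDP only via the jump host
    ("10.10.0.15", "10.30.0.5", SMB, "deny"),      # no SMB from workstations to servers
    ("10.10.0.15", "10.20.0.7", RDP, "deny"),      # no RDP from workstations into imaging
    ("10.20.0.7", "10.10.0.15", SMB, "deny"),      # a compromised imaging host cannot reach workstations
    ("10.10.0.15", "10.10.0.16", SMB, "deny"),     # workstation-to-workstation SMB (see usage note)
]


def violations(rules: List[Rule]) -> List[Tuple[str, str, int, str, str]]:
    """Flows whose result under `rules` differs from the required outcome."""
    out = []
    for s, d, p, expected in REQUIRED:
        got = evaluate(rules, s, d, p)
        if got != expected:
            out.append((s, d, p, expected, got))
    return out


if __name__ == "__main__":
    for name, rules in (("flat", FLAT), ("segmented", SEGMENTED)):
        print(name, "violations:", violations(rules) or "none")
```

Two caveats matter in practice. Traffic between two workstations on the same VLAN never crosses the inter‑VLAN firewall, so the last row of REQUIRED only holds if a host firewall or private VLAN enforces it; the model treats every flow as policy‑checked so that gap shows up in review rather than in an incident. And the jump host is the point where the first lesson's MFA and session logging must apply, because it is now the only path to RDP on clinical servers.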
How we help
We deliver Managed IT & Security for dental groups: secure RMM design, least‑privilege policies, HIPAA‑aware BCDR, and quarterly restorations. For DSOs, we also assess and score vendor and MSP risks and implement compensating controls. [hipaajournal.com]