Top 5 IT Mistakes Dental Offices Make – and How to Avoid Them

Originally Published on the Darkhorse Tech Blog

Dental practices across the U.S. have become a favorite target for hackers, and ransomware has become the biggest threat. The consequences of any type of cyberattack, from phishing to denial of service, can be practice-ending, but many providers don’t even know whether their systems meet the minimum HIPAA security requirements. Understand the main types of cyberattacks, the five most common vulnerabilities, and how taking a managed service approach for Dental IT can shore up your security and protect your patients and practice.

So Many Types of Cyberattacks – and Growing

  • Ransomware locks up your access to patient data unless you pay
  • Spyware installs software on your computer without your permission to capture and sell patient and practice data
  • Phishing accesses your network by luring your employees to click on links in emails that look legitimate
  • Trojan horse plants malicious software on your network when employees click on a link
  • Denial-of-Service attack bombards your network with traffic until your system crashes

Top 5 IT Mistakes Dental Offices Make – and How to Avoid Them

1) Weak Antivirus and Anti-Ransomware Software

Ransomware shuts dental offices down. No patients, no revenue. How long could your practice make payroll in that situation?

If your anti-ransomware software isn’t business-grade, it’s time to upgrade. HIPAA requires it. Make sure the software is running on all workstations at all times. Effective anti-ransomware detects threats before they become attacks. It works like a security system for your home, buying you and your IT resources time to intervene.

“Small and mid-sized businesses like dental practices are often targets of cyberattacks because they are less likely to have full protections in place and devoted information technology personnel to prevent such attacks.”

OSHA Review

2) Insufficient Data Backup

Make sure your critical production servers are backed up locally and to the cloud. This virtually eliminates the risk of losing critical data. It’s also necessary to comply with HIPAA. The law requires that back-ups be maintained, that all back-ups be encrypted for security, and that a disaster recovery plan be in place.

  • When was your data last backed up?
  • If you had to switch over to your back-up right now, would all your data be there?

If patient data is lost, it can take weeks and months to re-create it, slowing your practice to a crawl in the meantime. Re-building patient trust can take much longer and may never be possible.

Sufficient back-up includes ongoing verification of performance. It ensures all data is present and accounted for—and recoverable. The best solutions achieve data recovery in as little as 10 minutes, with no HIPAA fines for lost data and no overall practice downtime.

Back-Up and Disaster Recovery Musts

  • Local, frequent, encrypted back-up
  • Off-site, encrypted back-up
  • Ongoing verification of back-up performance

3) Spotty IT Support

It’s a myth that all IT service providers are the same. Look for a partner who knows Dental IT, responds quickly, and fixes problems the first time.

Many IT partners work across industries, so they may only serve a handful of dental practices each year. That’s not enough to gain the experience and skills needed to support your practice well. Look for Dental IT.

The last thing you want to be doing in a crisis is explaining your business and system to IT resources who have never solved your scenario before.

“Just having a firewall or anti-virus software does not cut it in the modern age, so dentists also should consider hiring a cybersecurity company to analyze the security of their own network.”

Black Talon Security

4) Unsecure Firewall

HIPAA makes firewalls mandatory because they help keep external hackers from accessing your internal network and protect the information going into and out of your system. But a firewall isn’t something you can set and forget.

  • How many years ago was your firewall installed?
  • When was it last updated?
  • Is anyone monitoring its security in an ongoing fashion?

If you can’t answer these questions off the top of your head, you don’t have the right resources watching your firewall – look to Dental IT.

Explore managed firewall services that have real-time surveillance and automatic security updates built in.

“The firewall can be envisioned as your missile defense system. Not only is it actively protecting outside threats and hackers from getting into the network, but it is also scanning each piece of data incoming and outgoing to prevent malicious software from running and wreaking havoc on your system.”

Reuben Kamp, Founder, Darkhorse Tech

5) Inconsistent Patch Management

Everyone in a dental practice should know when to accept security patches. Authentic alerts reflect software updates that have been made to neutralize new threats. The problem is that most employees don’t know which alerts are legitimate and which are suspicious, so they avoid them all.

Modern managed service providers like Darkhorse Tech who specialize in Dental IT take this individual guesswork out of the equation with system-wide automation. We monitor our clients’ cybersecurity continuously and patch holes immediately without your staff having to make a tech decision.

What is a Managed Service Provider (MSP)?

An MSP is a company that remotely manages their clients’ IT infrastructure and end-user systems. Clients typically pay a relatively low subscription fee for service based on a monthly contract. They’re usually attracted to the MSP approach because it’s less expensive and less risky than trying to manage security on their own.

Protect Yourself

Preventatively:

  • Secure firewall, the first line of defense
  • Regular patch management

Reactively:

  • Strong anti-ransomware software
  • Sufficient back-up, the last line of defense

Who Bears Your Cyber Liability?

If you don’t follow the federal guidelines for HIPAA compliance to protect your patients’ electronic personal health information (e-PHI), your dental practice is liable. You can face fines starting at $50,000 for each patient health record a cyberattack compromises. Look for a dental technology partner who has cyber-liability insurance to cover both fines and lost revenue in the event of a system failure. Very few partners offer this level of accountability.

Cases in Point

In the latter half of 2019, 400 dental practices fell prey to a single ransomware attack, and 100 dental practices fell prey to another. In both cases, the attacks came through technology partners who did not have cyber-liability insurance to cover their clients’ losses.


About Darkhorse Tech

Darkhorse Tech was founded in 2012 by Reuben Kamp when he saw a void in IT service for the dental field. He left his job at a national Dental IT company to create a more personalized one-on-one service model.

  • Integrity
  • Service
  • Protection
  • Reliability

Darkhorse Tech has grown mainly through referrals to serve nearly 750 dental practices in all 50 states. We have earned our reputation as leaders in delivering managed cybersecurity service for both start-ups and established dental practices.

Our Zero Downtime Dental IT Solutions Span Everything You Need:

  • Full HIPAA compliance
  • Anti-virus and anti-ransomware
  • Back up and disaster recovery
  • Cisco Meraki MX Firewall platform
  • Security monitoring and patching
  • Email hosting and encryption
  • Secure Facebook Wi-Fi

And Everything You Want:

  • IT Technicians specialized in Dental implementations
  • Fastest response and resolution time in the industry
  • Highest customer satisfaction (CSAT) scores
  • Ways to cross-check advice

Let’s get started. Call us today at 800.868.4504

1 reply »

  1. I would add to #1 to configure it properly so it is not annoying you and your employees and cutting down on productivity. The key is having it run silently in the background.
