Over the past year, cyber attacks against practices in healthcare-related fields increased by 55%, impacting more than 26 million Americans¹. This increase, paired with the average cost per breached record of $499, can be worrisome for orthodontists².

 


To help prevent cyber attacks at orthodontic practices, try these 5 strategies:

5 Ways to Help Prevent Cyber Attacks at Orthodontic Practices — #1: Utilize multi-factor authentication

To provide you with additional layers of security and more protection to combat hackers, most organizations are now using Multi-Factor Authentication (MFA) or two-factor authentication (2FA). The more layers you have in place, the less risk you have of an intruder gaining access to your critical systems and data.

MFA increases the security of user logins beyond just having a longer and more complex password. With MFA, users are required to acknowledge a phone call, text message or an app notification on their smartphone after correctly entering their password. This added layer of security will help you further protect your practice from being the next victim of a cyberattack.

While multi-factor authentication is much stronger than simply using passwords, don’t let your guard down. Cybercriminals have also found ways to hack MFA. It is critical to follow best practices when it comes to all types of data security.

Work with a company that provides ongoing vulnerability management, penetration testing and continual staff training.

5 Ways to Help Prevent Cyber Attacks at Orthodontic Practices — #2: Implement password protocol

With new technology, some hackers can crack simple passwords of up to 8 characters instantly. Even properly chosen passwords that include numbers, symbols, uppercase and lowercase letters can be cracked in just a few minutes to hours if they are shorter than eight characters long.

Using passwords to protect your data used to be sufficient and had been the best solution for controlling access to systems containing sensitive data. Unfortunately, this is no longer the case.

Today, we seem to have too many passwords for our various devices. Our passwords are too simple (e.g., password, 1234, our pet’s name), we use the same or similar passwords for almost all of our accounts, and we are not changing passwords on a regular basis. And, believe it or not, many individuals share their passwords with others, which is a recipe for disaster.

Hackers will try to steal your passwords by methods such as keylogging and phishing. Once these cybercriminals have gained access to your system, they can steal and destroy your data, change programs and services, and may even transmit spam or malicious code.

To better protect your systems, ensure you:

  • Require strong passwords of 12+ characters that contain a combination of uppercase and lowercase letters, numbers and symbols.
  • Don’t allow weak passwords, such as “12345” or “password1” and words from the dictionary or patterns of numbers or symbols.
  • Always require the use of different passwords for each account and service. A trustworthy password manager can be utilized if needed.
  • Enforce strong password safety measures on company mobile devices and laptops.
  • Incorporate rolling updates to prompt users to change passwords either monthly or quarterly.
  • Update relevant passwords when a personnel change occurs.
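The first two rules in this list can be enforced automatically at the point where a password is set. The following is an added example, not code from the original article or from any vendor it mentions; the denylist is a small constructed sample, and the four-character pattern threshold is an assumption.

```python
import re
import string

MIN_LENGTH = 12  # "12+ characters" from the list above

# Constructed sample denylist (assumption); production use would load a
# full dictionary plus a breached-password list.
DENYLIST = {"password", "12345", "qwerty", "letmein", "welcome", "braces"}

# Alphabet, digit and keyboard-row runs used to spot "patterns".
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")


def has_pattern(pw, run=4):
    """True if pw repeats one character `run` times or walks a sequence."""
    low = pw.lower()
    if re.search(r"(.)\1{%d,}" % (run - 1), low):
        return True
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):  # forwards and backwards
            if any(s[i:i + run] in low for i in range(len(s) - run + 1)):
                return True
    return False


def check_password(pw):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too_short")
    classes = (
        ("uppercase", str.isupper),
        ("lowercase", str.islower),
        ("digit", str.isdigit),
        ("symbol", lambda c: c in string.punctuation),
    )
    for name, test in classes:
        if not any(test(c) for c in pw):
            problems.append("missing_" + name)
    if any(word in pw.lower() for word in DENYLIST):
        problems.append("dictionary_word")
    if has_pattern(pw):
        problems.append("pattern")
    return problems


if __name__ == "__main__":
    for candidate in ("password1", "12345", "Qwerty!Qwerty1", "Tr4il-Mix&Copper9"):
        print(candidate, check_password(candidate) or "accepted")
```

A password that satisfies every character-class rule can still be rejected, as the `Qwerty!Qwerty1` case shows: it is long and mixed, but built from a dictionary word and a keyboard walk.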

5 Ways to Help Prevent Cyber Attacks at Orthodontic Practices — #3: Always allow software updates and patches

Patch and update maintenance is an incredibly important part of your cyber risk protection, as new vulnerabilities in software files and systems may be discovered regularly.

Patches that fix these bugs can be published as often as once a day, so managing this process is key:

  • Conduct a comprehensive inventory of devices, OS versions and applications. Forgotten systems and devices can lead to neglected updates and the risk of a successful attack.
  • Determine how often critical services are patched and updated and look for ways to minimize risk from unpatched vulnerabilities.
  • Monitor for new patches and vulnerabilities, and ensure a process is in place for testing, configuring and rolling out fixes.
  • Audit your patches to ensure your administrators are aware of any failed or pending patches that may be critical.
  • Always check with your IT company to make sure updates won’t impact any of your systems.

5 Ways to Help Prevent Cyber Attacks at Orthodontic Practices — #4: Train employees

Cybersecurity Awareness Training is critical and is also required for HIPAA compliance. Many workers know they should avoid a suspicious email, but spotting today’s most common phishing tactics is getting more difficult. Recent tricks include:

  • Phishing
  • Spear phishing
  • Social engineering
  • Malware
  • Ransomware
  • Physical security
  • Removable devices
  • Targeting Bring Your Own Device (BYOD) policies
  • Password management and “sharing”
  • Wire fraud schemes

5 Ways to Help Prevent Cyber Attacks at Orthodontic Practices — #5: Ongoing vulnerability scans and risk assessments

Vulnerability scanning

One of the most effective ways of mitigating cybersecurity risks is through real-time vulnerability scanning of all computers. Vulnerability scanning looks for “unlocked doors and windows” that a hacker can exploit to gain access to the network and data.

The vulnerability management tool works by scanning every single device on the network against a database containing tens of thousands of known vulnerabilities and then reporting the exact vulnerabilities, risks and a comprehensive remediation process. Firewalls should also be scanned for vulnerabilities monthly.

Cybersecurity risk assessments

It is important to understand and identify all aspects of the network, and specifically understand who has access and where data is stored. An in-depth analysis can help identify weaknesses in the business’s network that would enable unauthorized access to data and/or the network.

These scans and assessments should be conducted by a cybersecurity firm, not your IT vendor.

 

The Importance of Cyber Liability Insurance and Working with a Dedicated Cybersecurity Specialist

If a cyber attack does occur at your practice, the associated costs can add up quickly, and cyber liability insurance is helpful in protecting your practice against these costs.

Through your AAO membership, you have access to Cyber Liability Insurance from Lockton Affinity. This policy includes first- and third-party coverage options to address cyber extortion, breach of data privacy, contractual liability, copyright infringement and rogue employees. Plus, you can choose policy limit options from $100,000 to $10M and there are no sublimits for incidents of cyber theft, social engineering loss, ransomware and more.

Also, through your AAO membership, you have access to Black Talon’s cybersecurity specialists who protect the critical data your practice depends on, keeping you safe from lengthy business shutdowns, financial and reputational losses, and non-compliance fines.

Because you are a specialist in orthodontics, we encourage you to work with a specialist in cybersecurity to assess the effectiveness of your current cybersecurity efforts. Cyber liability coverage and working with cybersecurity specialists are the cost of doing business today, as cybersecurity is now a must-have service. These elements will help to ensure that you are running a secure and successful practice.

 

 

1, 2 Bitglass. Northwestern University, John Muir Health, The Wall Street Journal. 2021, Healthcare Breach Report 2021.