Dental Practice Cybersecurity Training

Ransomware doesn't skip dental practices. PracticeMax, Henry Schein, and Westend Dental prove it.

Dental is ground zero: dense HIPAA exposure, cloud PMS (Dentrix, Eaglesoft, Open Dental, Curve) on every workstation, and front-desk staff targeted by phishing daily. 165,000+ patient records compromised in PracticeMax alone. Live HIPAA-aligned training for DSOs and independent practices. Direct Calendly booking. From $150.

165,698 patient records exposed in the PracticeMax breach
35TB of data and 166,432 patient records exposed at Henry Schein
$350K Indiana AG settlement with Westend Dental over a ransomware cover-up

Dental practices are PHI-dense, dependent on cloud PMS platforms, and staffed by front-desk teams who receive phishing bait dozens of times a day.

Dental practices hold some of the most valuable PHI available: Social Security numbers, dates of birth, full insurance details, and payment card data — all bundled together in a single patient record. On dark web markets, a complete dental patient record can command $250–$500. That's the target.

The delivery vector is the practice management system. Dentrix, Eaglesoft, Open Dental, and Curve Dental are cloud-connected, always-on, and accessed by every workstation in the practice. A single compromised front-desk credential gives attackers access to every patient record in the system. Ransomware groups know this — and they craft phishing emails that impersonate Dentrix support, Eaglesoft billing notifications, and insurance carrier updates specifically to obtain those credentials.

The third factor is DSO consolidation. As dental service organizations acquire independent practices, a ransomware hit on one location can cascade across an entire DSO portfolio through shared IT infrastructure. NAPA Management Services' 2022 ransomware attack showed exactly how a multi-location dental group can lose access to clinical records across dozens of offices simultaneously.

And unlike a hospital, a dental practice has almost no incident response muscle. Most offices have one part-time IT contractor, no documented IR plan, and no staff training beyond what's posted in the break room. That's why dental is ground zero — high value, low defense, clear entry.

  • PracticeMax (2022) Ransomware attack on dental and optometry billing vendor. 165,000+ patient records compromised. PHI including SSNs, insurance data, and treatment histories exposed. Multiple dental practices affected through shared billing infrastructure.
  • Henry Schein (Oct–Nov 2023) ALPHV/BlackCat ransomware. Major dental supply and services company. 35TB of data + 166,432 patient records exposed. Attack disrupted order processing and business operations for thousands of dental practices using Dentrix software integration.
  • Westend Dental (Indiana, 2020/reported 2022) MedusaLocker ransomware. Indiana AG fined $350K — the practice tried to hide the breach for two years. No security risk analysis, no incident response plan, no breach notification. Class action patient lawsuit followed.
  • NAPA Management Services (2022) Ransomware attack on dental services organization managing multiple practices. Clinical records inaccessible across multiple locations simultaneously. Demonstrates DSO-specific cascade risk from shared IT infrastructure.

The common pattern across all four incidents: credential theft via front-desk staff phishing, not a sophisticated zero-day exploit. The entry point was always a person clicking a convincing impersonation of a vendor, insurance carrier, or PMS provider.

Four attack vectors targeting dental practices right now.

These aren't hypothetical. They're the documented attack patterns from breach reports, HHS OCR enforcement actions, and FBI IC3 dental sector data.

Phishing Targeting Front-Desk Staff

Front-desk coordinators receive dozens of emails daily from insurance carriers, patients, and vendors — making them the highest-value phishing targets in any practice. Attackers craft emails that impersonate Dentrix support alerts, Delta Dental billing notices, and Cigna credentialing updates. One click exposes every patient record in the PMS. These are the exact emails that preceded the PracticeMax and Westend Dental incidents.

Ransomware on PMS and Imaging Servers

Dental practice management systems — Dentrix, Eaglesoft, Open Dental, Curve Dental — are cloud-connected and always authenticated, making them high-value ransomware targets. CBCT imaging systems often run legacy Windows versions with no patch schedule. Attackers who establish a foothold via phishing can deploy ransomware across the entire clinical network within hours, encrypting patient records, imaging files, and billing data simultaneously.

BEC on Insurance Reimbursements

Business email compromise targeting dental insurance reimbursements is underreported but documented. Attackers compromise practice billing email accounts, intercept communications with Delta Dental, Cigna, Aetna, and MetLife, and redirect reimbursement payments to attacker-controlled accounts. A single diverted insurance check can represent weeks of claims. Multi-location DSOs face this risk at scale across every participating practice's billing address.

Third-Party Vendor Compromise

PracticeMax is the textbook case: a breach at a third-party dental billing vendor exposed 165,000+ patient records across multiple practices simultaneously. Dental practices regularly grant elevated access to billing vendors, IT contractors, and DSO management systems — without documented vendor risk assessments required by HIPAA §164.308(a)(1). Every vendor connection is a potential entry point your team didn't phish-proof.

4 drills built for the dental threat landscape.

Not generic security awareness videos. Dental-specific scenarios drawn from PracticeMax, Henry Schein, Westend Dental, and HHS OCR enforcement patterns. These are the exact attack vectors your front desk, billing coordinator, and office manager face daily.

Drill 01: Phishing Recognition at the Front Desk

Front-desk coordinators process insurance authorizations, patient communications, and vendor updates under scheduling pressure all day — exactly the conditions attackers exploit. This drill uses real dental-sector phishing templates: spoofed Dentrix support alerts, fake Delta Dental audit notices, and impersonated Cigna credentialing requests. Participants learn to identify the specific signals that distinguish attacker email from legitimate vendor communication.

  • PMS vendor impersonation: Dentrix, Eaglesoft, Open Dental, Curve Dental phishing patterns
  • Insurance carrier spoofing: Delta Dental, Cigna, Aetna, MetLife fake audit emails
  • Sender address verification — From vs. Reply-To vs. actual domain
  • Urgency cues attackers use: "Verify now or lose credentialing"
  • Reporting path when a suspicious email arrives under scheduling pressure
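As an added illustration of the From vs. Reply-To vs. actual-domain check this drill teaches (example code written for this page, not SecurEveryone's training material), the following Python flags the signals listed above on constructed sample headers. The vendor allowlist, the ".example" domains and the urgency phrase list are hypothetical placeholders a practice would replace with its own.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed allowlist of vendors the practice corresponds with and the domains
# they really send from; the ".example" domains are hypothetical stand-ins.
TRUSTED_VENDOR_DOMAINS = {"dentrix": {"dentrix.example"}, "delta dental": {"deltadental.example"}}
# Pressure phrases of the kind the drill calls out, matched case-insensitively.
URGENCY_CUES = ("verify now", "lose credentialing", "account suspended")

def _domain(header_value: str) -> str:
    """Lower-cased domain of a From/Reply-To/Return-Path header value ('' if none)."""
    _, addr = parseaddr(header_value)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def check_sender(raw_message: str) -> list:
    """Return warning strings for a raw message; an empty list means no signal fired."""
    msg = message_from_string(raw_message)
    warnings = []
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(from_addr)
    reply_dom = _domain(msg.get("Reply-To", ""))
    # Return-Path stands in for the domain that actually delivered the mail.
    envelope_dom = _domain(msg.get("Return-Path", ""))

    # Signal 1: display name claims a known vendor but the From domain is not
    # theirs (catches lookalikes such as dentrix-alerts.example).
    for vendor, domains in TRUSTED_VENDOR_DOMAINS.items():
        if vendor in display_name.lower() and from_dom not in domains:
            warnings.append(f"display name claims {vendor!r} but From domain is {from_dom!r}")
    # Signal 2: replies would go to a domain other than the one shown in From.
    if reply_dom and reply_dom != from_dom:
        warnings.append(f"Reply-To domain {reply_dom!r} differs from From domain {from_dom!r}")
    # Signal 3: the actual sending domain differs from the From domain.
    if envelope_dom and envelope_dom != from_dom:
        warnings.append(f"envelope sender {envelope_dom!r} differs from From domain {from_dom!r}")
    # Signal 4: urgency language in the subject line.
    hits = [cue for cue in URGENCY_CUES if cue in msg.get("Subject", "").lower()]
    if hits:
        warnings.append(f"urgency cue(s) in subject: {hits}")
    return warnings

# Constructed sample messages (not real mail) for exercising the check.
SAMPLE_PHISH = """\
Return-Path: <bounce@mail-notify.example>
From: "Dentrix Support" <support@dentrix-alerts.example>
Reply-To: <helpdesk@secure-login.example>
Subject: Verify now or lose credentialing
"""
SAMPLE_LEGIT = """\
Return-Path: <noreply@dentrix.example>
From: "Dentrix Support" <support@dentrix.example>
Subject: Scheduled maintenance window this Saturday
"""
```

Running `check_sender(SAMPLE_PHISH)` returns four warnings (lookalike From domain, mismatched Reply-To, mismatched envelope sender, urgency cues), while `check_sender(SAMPLE_LEGIT)` returns an empty list.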

Drill 02: Ransomware Tabletop for Office Managers

When ransomware hits a dental practice, the decisions made in the first 30 minutes determine whether you recover in days or weeks. Do you shut down the PMS? How do you handle patients scheduled that day? What do you tell your billing vendor? This tabletop walks office managers through the NAPA Management Services and Westend Dental scenarios — dental-specific decisions most IR plans don't cover.

  • Ransomware triage: PMS isolation vs. clinical continuity
  • Patient communication protocol when records are inaccessible
  • HIPAA breach notification timeline: 60-day OCR window, patient notice requirements
  • State dental board and state breach notification law obligations (CA, TX, NY, FL)
  • Cyber insurance claim initiation and forensic vendor engagement

Drill 03: BEC Defense for Insurance Billing Coordinators

Business email compromise targeting dental insurance reimbursements is a documented threat for both independent practices and DSOs. This drill trains billing coordinators on the specific BEC patterns used to redirect insurance payments: impersonating Delta Dental ACH updates, intercepting billing email threads, and spoofing DSO finance team requests. Participants leave with a verification protocol that catches BEC before a payment is diverted.

  • Insurance carrier payment redirect BEC: how attackers intercept the thread
  • ACH update requests — the verification call vs. email-only approval risk
  • DSO finance team impersonation patterns
  • Email account compromise indicators: filter rules, forwarding, unexpected sent items
  • Incident response when a payment has already been diverted

Drill 04: Vendor Risk Assessment for PMS and Billing Vendors

PracticeMax proved that a third-party billing vendor can expose 165,000+ dental patients without the practices ever being breached directly. HIPAA §164.308(a)(1) requires a documented risk analysis that includes business associates and sub-processors. This drill walks practice managers through a HIPAA-compliant vendor risk assessment process — including the questions to ask every PMS provider, IT contractor, and DSO management vendor before granting data access.

  • HIPAA Business Associate Agreement requirements for PMS vendors
  • Vendor access controls: principle of least privilege for billing integrations
  • PracticeMax breach pattern: shared billing vendor risk propagation
  • Questions to ask IT contractors about access logging and credential hygiene
  • DSO shared infrastructure risk: how a breach at one location cascades

HIPAA §164.308(a)(5) requires documented security awareness training for every dental practice.

The HIPAA Security Rule's Administrative Safeguards mandate a security awareness program covering malicious software protection, login monitoring, and password management. HHS OCR enforcement actions have cited the absence of documented workforce training as a contributing violation factor — and the Westend Dental Indiana class action illustrates the patient litigation risk. Sessions with SecurEveryone generate the training completion documentation required by HIPAA, your cyber insurance carrier, and state dental board rules in CA, TX, NY, and FL. That documentation is included with every session tier.

HIPAA Compliance Training for Dental →

Free: Ransomware Response Playbook

A step-by-step playbook for the first 60 minutes after ransomware hits your dental practice — covering PMS isolation, patient communication, HIPAA OCR notification, and cyber insurance claim initiation. Built from the patterns in the PracticeMax, NAPA, and Westend Dental incidents.

Download the Free Ransomware Response Playbook →

Free: Incident Response Plan Template for Dental Practices

The single document that determines whether you recover from ransomware in days or weeks. Includes a 12-page IR plan template with a dental-specific decision tree: PMS triage, patient communication script, HIPAA OCR notification checklist, and state dental board reporting obligations. 83% of SMBs have no written IR plan — this is how you become the 17% that do.

Download the Free IR Plan Template →

Book directly. No sales call required.

All three tiers include dental-specific threat scenarios, HIPAA training documentation, and a post-session summary. Pick the tier that fits your practice or DSO.

Personal: $150, 60-minute 1:1 session
  • Front-desk phishing recognition (dental-specific)
  • PMS credential hygiene and access controls
  • HIPAA security awareness training record
  • Personal security assessment
  • 24/7 emergency session access (+$100)
Book Personal — $150
Business: $900, 2-hour team webinar, unlimited users
  • All 4 dental training drills for your full team
  • Front-desk phishing simulation + debrief
  • Ransomware tabletop for office managers
  • BEC training for billing coordinators
  • HIPAA training documentation for compliance
  • Post-session written incident response summary
Book Business — $900 flat

Questions from dental practices and DSOs.

Does SecurEveryone provide HIPAA training documentation for dental practices?

Yes. Every session generates a training completion record that satisfies HIPAA §164.308(a)(5) Administrative Safeguard requirements. The documentation includes session date, topics covered, attendee list (Business tier), and trainer credentials. This is the documentation HHS OCR requests in breach investigations and that cyber insurance carriers require at renewal. Dental practices also need to comply with state dental board rules in CA, TX, NY, and FL — our documentation format addresses those state-level requirements as well.

Do you cover the specific PMS systems dental practices use?

Yes. Our dental training drills cover the phishing and credential-theft attack patterns documented against Dentrix, Eaglesoft, Open Dental, and Curve Dental specifically. We train front-desk staff on how attackers impersonate these vendors in support emails, billing notifications, and system alerts. We also cover the credential security settings in these platforms — what dental practices should configure to reduce exposure. Every session is updated based on the most recent dental-sector threat intelligence we monitor.

Do you train DSOs with multiple practice locations?

Yes. The Business tier (unlimited users, $900 flat) is purpose-built for DSOs and multi-location dental groups. We structure the session around shared infrastructure risk — the cascade failure pattern that hit NAPA Management Services — and cover how a breach at one location can propagate through shared billing, IT, and PMS access. For DSOs with more than 200 staff or more than 10 locations, contact us before booking to discuss bulk pricing and multi-session scheduling.

What does the HIPAA breach notification timeline mean for dental practices?

HIPAA's Breach Notification Rule (45 CFR §164.404) requires dental practices to notify affected patients within 60 days of discovering a breach involving unsecured PHI. If 500 or more patients in the same state are affected, you must also notify HHS and prominent media outlets in that state simultaneously. If fewer than 500 are affected, you report annually to HHS. State breach notification laws in CA, TX, NY, and FL have their own timelines that may be shorter — some require notification within 30 days. Our Executive and Business sessions cover the notification decision tree and documentation requirements so you're not making these decisions for the first time during an active incident.

Does cyber insurance require documented security awareness training for dental practices?

Yes — and the requirements have tightened considerably since the PracticeMax and Henry Schein incidents. Most dental cyber insurance renewals now require documented evidence of annual security awareness training, multi-factor authentication on PMS access, and a written risk assessment. Carriers including Chubb, Travelers, and Beazley have added these as hard conditions for dental coverage. Our training completion records satisfy the documented training requirement, and we can provide the session summary in the format most carriers accept as evidence at renewal.

How is training for independent dental practices different from DSO training?

Independent practices face the same threat vectors — front-desk phishing, PMS ransomware, BEC on insurance billing — but without the IT resources a DSO can deploy. Training for independent practices focuses on what a 5-to-15-person team can realistically implement: browser bookmark verification instead of clicking PMS vendor emails, two-person approval for payment changes over $500, and a written contact list for insurance carrier fraud departments. DSO training adds the cascade risk layer: how shared infrastructure, shared billing vendors, and shared IT contractors create multi-location exposure from a single breach point.

How quickly can we get our dental team trained?

Same week in most cases. Personal sessions book within 48 hours via Calendly. Executive sessions typically schedule within 3–5 business days. Business tier includes a brief intake call to confirm headcount and session timing, then we schedule your 2-hour team webinar at your convenience — including evenings and weekend slots for practices that can't take staff off the floor during clinic hours. Emergency sessions for active breach concerns are available within 15 minutes, 24/7. No procurement process, no proposal delay — book directly via Calendly.

What state-specific breach notification obligations do dental practices have?

In addition to federal HIPAA obligations, dental practices in major states face state breach notification laws: California (CCPA/CMIA — 72 hours for certain healthcare breaches), Texas (HB 3746 — 60 days, with specific AG notification for breaches over 250 Texans), New York (SHIELD Act — expedient notification, with HIPAA compliance as a safe harbor), and Florida (§501.171 — 30 days for businesses, separate HIPAA timeline applies for covered entities). Our Executive and Business sessions include a state-specific notification checklist. Practices operating across state lines should also check the state dental board rules in each state they operate in — some have their own reporting requirements beyond HIPAA.

Ready to train your dental team?

PracticeMax, Henry Schein, Westend Dental, NAPA — every incident started with a phishing email your front-desk staff could have flagged. Book a session and get your practice trained before the next OCR enforcement action or ransomware notice lands in your inbox.