
According to cybersecurity expert Anne Genge, people—not technology—are the key to protecting dental practices from cyber-attacks. (Image: Suriyo/Adobe Stock)

Tue. 7. October 2025


It is common to think of cyber-attacks as isolated incidents—one office, one victim, one mistake—but in reality, practices are connected. The systems they use, the patients they share, the platforms they log into all link them in ways that are not always evident. If your practice is hacked, it could affect your patients, your employees and even other practices. One breach becomes many. That is why cybersecurity is not just a technical problem; it is a collective responsibility. Just like infection control, when everyone follows best practices, they protect not just themselves but each other. The more practices educate, train and support their teams, the stronger they all become. In cybersecurity, no one is an island, and that means that everyone is at risk—but it also means that everyone can be part of the solution.

In the first three parts of this series, we discovered what makes dental practices vulnerable to cyber-attacks, explored the types of threats most commonly used by cybercriminals and shared strategies to proactively secure your systems and data. We also reviewed the importance of having a strong backup, disaster recovery and business continuity plan, as well as testing those systems regularly to ensure that they will work when you need them most.


In this fourth part, we will move on to the final topic: the human element of cybersecurity. If you remember only one thing from this whole series, let it be this: people are key. Your team—internal and external—is your greatest asset and your greatest risk when it comes to cybersecurity. You can spend tens of thousands of dollars on software, backups and security tools, but it only takes one person to accidentally click on a link, reuse a weak password or be tricked by a scam for everything to come crashing down. Despite all the technology, it is people who open the doors to cybercriminals, and it is people who need to be trained and empowered to keep those doors shut.

AI makes phishing smarter—and more difficult to identify

Phishing scams are still the number one way that cybercriminals break into businesses of all sizes, including dental practices. These attacks often look like legitimate messages from vendors, patients or even other team members. They may contain links or attachments that, once clicked, install malicious software or steal log-in credentials. In many cases, these phishing messages lead directly to ransomware attacks that lock the practice’s data and demand payment.

As we discussed previously, dental practices are good targets because cybercriminals know that these practices lack IT resources and cybersecurity skills. Now, artificial intelligence (AI) has also made it possible for attackers to launch massive phishing campaigns that are personalised and convincing. These crafted phishing messages are not the old scam emails full of typos and red flags. Today’s phishing emails are almost indistinguishable from genuine communications. Some even use your branding, your logo and your typical language style. We are now seeing this expand into text messages and phone calls too. Cybercriminals can harvest your social media, website and other public information to create messages that sound just like they came from a real person your team knows. If someone on your team is distracted, tired or simply unaware of these tactics, he or she could fall for this messaging.

Cybersecurity is not just a technology problem

Most of the incidents I see are not caused by a failure of the technology itself. Firewalls, antivirus software and backups usually do their jobs—but none of that matters if someone opens the front door to the attacker. That is what phishing and social engineering do. They trick people into opening the door.

That means that practices must stop thinking about cybersecurity as just an IT problem. It is not. It is a business problem, a human problem, and it needs to be treated as such. Every member of the dental team, including the front desk staff, clinical staff and leadership, plays a role in keeping the practice secure.

The training gap in dental practices

In many practices, cybersecurity is never talked about unless something goes wrong. There are no formal training sessions, no team discussions, and no policies or procedures on what to do if a suspicious message is received. Most people do not know what a phishing email looks like or how to report one, and fewer still understand the steps to take if they think that they have clicked on something suspicious.


This gap is leaving practices vulnerable. Cybercriminals count on this lack of awareness. They know that small businesses, especially healthcare providers, often do not prioritise cybersecurity training. Dental practices are particularly attractive targets because of the type of data they hold.

If you are thinking that your practice is too small to be targeted, think again. Most of the incidents I respond to have occurred in small to mid-sized offices, because limited IT resources and a lack of awareness make them easy targets. The attackers do not care about the size of your practice. They care about how vulnerable you are. They can send thousands of scam messages per day knowing that at least a few practices will fall for these and give them access to a network.

Building a culture of awareness

So what can you do? The answer is not just another piece of software. The real solution is to build a culture of cybersecurity awareness in your practice. This means that everyone knows the basics, feels comfortable asking questions and understands that cybersecurity is part of their role.

Here are some practical steps to get started:

  1. Start with leadership. If you are the practice owner or manager, make cybersecurity training a priority. Set the tone that this is important, and your team will follow.
  2. Provide regular training—not just once a year. Make it part of your ongoing team development. Include phishing examples, short videos, and lunch-and-learn sessions. Hire a qualified trainer to train your team.
  3. Customise training by role. Front desk staff face different risks from those faced by clinical team members or managers. Tailor the training so that it is relevant and practical.
  4. Make reporting easy. Create a simple way for team members to report suspicious emails or texts. Reinforce that there is no shame in reporting: it is a sign of a strong culture, and it is a learning moment.
  5. Reinforce with reminders. Use posters, log-in screen messages or even stickers to keep cybersecurity top of mind.
  6. Celebrate wins. If someone reports a phishing attempt, acknowledge it. Create a “cyber hero” award. Make security part of your practice pride. Make it a competitive advantage.
  7. Review and update policies. Know your compliance requirements. Your privacy and security policies should be up to date and easy to understand. Include what to do if someone suspects a breach.

Why this matters more than ever

AI is not just helping the good guys; it is giving cybercriminals new ways to trick practices. That means that the old defences are no longer enough. Every person on your team is now part of the cybersecurity system. If one person fails, the whole system can fail. But the flip side is also true: when your team members are trained and confident, they become your strongest line of defence.

It is not about perfection; it is about progress

No one gets everything right all the time. People make mistakes. That is human. But with the right training and support, those mistakes can be minimised, and when something does go wrong, a well-trained team knows how to respond quickly and effectively. Cybersecurity for your office lies in building skills and confidence. When your team knows what to watch for, what to do and who to tell, you are not just protecting your data, you are protecting your business, your patients and your reputation. The future of cybersecurity in dentistry is one where digital systems support exceptional care and where every team member understands his or her role in keeping those systems safe. From chairside to cyberspace, it is the people who matter most.

Editorial note:

This article was published in digital—international magazine of digital dentistry vol. 6, issue 3/2025.
