From chairside to cyberspace

Anne Genge

Thu. 31. July 2025

save

In Part 2 of this series, we talked about common cyber threats affecting dental practices. Imagine coming into the office on Monday morning, only to find all of your patient records locked, your schedule inaccessible and your imaging systems frozen. This is ransomware, the most common type of cyber-attack being used against organisations of all sizes today. No patients can be seen. No billing can happen. Patients start arriving and you have no answers. Everything grinds to a halt, and there is the potential of losing all your data.

Every dental office faces serious risks such as fire, theft, flood, server failure or a ransomware attack. Many teams assume that their data is safe because they have a backup—but most traditional backups are not enough.

Take the real case of a general dentist who arrived one morning to find a chilling message on his screen: “Your files have been encrypted. Pay $50,000 in Bitcoin or lose everything.”

He thought he had good backup. However, when his IT team went to restore from that backup, there was months of data missing. The backup had never been tested. He paid the ransom and still could not recover everything. Critical imaging data, treatment notes and patient records were permanently lost. His practice had no failover system, so it was offline for days, losing thousands in revenue, and it had a damaging effect on patient trust.

This case is not an isolated one. It highlights the urgent need for comprehensive business continuity plans, not just backups, to ensure that dental offices can recover quickly and fully from any kind of disaster.

What went wrong?

The practice did not have an effective disaster recovery plan.
The practice did not have failover technology.
The practice had never tested its backups.

Did you know? A backup is not a business continuity plan

Today’s dental practices are much more reliant on connectivity than they were 20 years ago. Today, many offices are highly digitised, employing digital diagnostics, digital patient records, automation, artificial intelligence and more. This means that the majority of dental offices cannot afford any downtime, let alone days of it, and they certainly cannot suffer data loss.

“A failed backup, a ransomware attack, a server crash—these events can shut down your practice for days, weeks or forever if you are not properly prepared.”

Most dental offices have some form of backup. Often, it is a cloud service that runs every night and/or an external drive that the team rotates once a week. While these methods can store data, they do not do a great job of protecting the practice from downtime, data loss or the stress of system failure.

Like the case just described, today’s risks are much more complex. The common types of disasters dental offices face are:

cyber-attacks, such as ransomware, phishing and hacking;
hardware failures, such as dead servers and crashed hard drives;
natural disasters, such as fires, floods, earthquakes and power outages;
theft or vandalism, such as stolen computers or malicious damage;
human error, such as accidental file deletion or misconfigurations; and
software corruption, such as bad updates that damage the system.

No matter how careful you are, something will happen. The question is: how fast can you recover? Each of these incidents can stop a practice in its tracks, and without a proper plan, recovery could take days or weeks. What most dentists do not realise is that backup is just one part of what they need. Without a full business continuity plan, your patients, revenue and reputation are still at risk. Unfortunately, this is not a distant possibility. It is happening to dental practices every single week across North America. A failed backup, a ransomware attack, a server crash—these events can shut down your practice for days, weeks or forever if you are not properly prepared. According to the National Cybersecurity Alliance, a US non-profit organisation, 60% of small businesses that suffer a major cyber-attack are out of business within six months.¹

That is why understanding this matters: every dental practice needs not just a backup but a comprehensive backup, disaster recovery and business continuity solution designed specifically for the speed and complexity of modern dentistry and the unique needs of each individual dental practice (Table 1). Backup saves your data. Disaster recovery restores your systems. Business continuity keeps you treating patients. You need all three working together—not just one.

Table 1.

Questions every dentist must ask about backup and recovery

Before disaster strikes, sit down with your IT provider (or cybersecurity professional) to obtain clear answers to these critical questions:

Is all of my data backed up? Practice management data, as well as imaging data, accounting data, desktop files, laptop data and email archives, must be backed up.
How frequently is it backed up? Backups should happen hourly or more frequently, not just nightly.
How quickly can my practice recover from the worst-case scenario? If it would take days, your patients and business are at serious risk.
Are my backups tested regularly? Untested backups means unreliable backups.
Are my backups protected against ransomware? If not, attackers can find and encrypt or delete your backups too.
Are my backups encrypted? Data must be encrypted at rest and in transit to protect confidentiality.
Can the practice continue seeing patients even if the server fails? This is the difference between surviving and closing your doors.

Why traditional backups often fail dental practices

“Too many dentists still rely on outdated backup methods like external drives or cloud storage.”

Too many dentists still rely on outdated backup methods like external drives or cloud storage without any recovery plan. Here is why traditional backups fail today:

They do not back up everything. Desktops, laptops and imaging are often missed.
They do not run often enough. Nightly backup means potentially 12 or more hours of lost data.
They are not tested. They are assumed to work—until they do not.
They can be attacked too. Ransomware often corrupts backups first.
They take days to restore. Waiting for a new server, reinstalling software and restoring data is not a fast process.

The bottom line is that old-school backups protect your files—not your business.

Solution: Modern dental practices need instant virtualisation

Instant virtualisation is the launching of a live version of your server from a backup device. Instant virtualisation is the gold standard for dental practice data protection today. In simple terms, if your server goes down or is crippled by a cyber-attack or any other disaster, you could boot up a working copy almost immediately from your backup appliance or cloud. This means no reinstalling, no waiting days for IT and minimal downtime. Think of it as a spare tyre for your entire dental office, ready to go when you need it. Businesses with instant virtualisation recover up to 90% faster than businesses with old-school backups.²

The benefits of instant virtualisation are:

access to patient records in minutes, not days;
built-in ransomware protection with secure snapshots;
automatic backup testing—so you know your recovery will work; and
hybrid backup, combining local (fast) and cloud (secure)
options.

Understanding RPO and RTO

Recovery point objective (RPO) and recovery time objective (RTO) are the two numbers that could save your practice (Table 2). Dentists need to understand two simple concepts when designing their backup plans:

A high RPO means major data losses, which is bad for patient care and regulatory compliance. Aim for an RPO of under 1 hour.
A long RTO means a long downtime and thus lost revenue and unhappy patients. Aim for an RTO of under 2 hours where possible.

Table 2.

Final thoughts and tips: Resilience is strategy, not software

It is time to go beyond backup. If your current solution does not protect your entire system, recover quickly and allow operations to continue, it is not enough. Stop accepting cookie cutter solutions designed for someone else’s business model. Your practice deserves a plan built for your needs—with input from professionals who understand the dental environment. Ask yourself: if disaster hit tomorrow, could you keep seeing patients the same day?

Critical blind spots to fix immediately:

not backing up all data, especially imaging and desktop files;
no backup testing schedule—untested means unsafe;
no ransomware-resistant backups—criminals can target your backup too;
unencrypted backup drives—at risk if stolen; and
no plan for failover internet or power—a power outage can be as deadly as ransomware.

Determine your RPO and RTO and investigate instant virtualisation solutions for:

a quick return to operations;
protection against ransomware;
minimal financial impact; and
minimal regulatory impact.

Test your backup like it is a fire drill:

Test backups at least quarterly.
Testing verifies RPO and RTO.
Require automated backup verification where possible.

Editorial note:

This article was published in digital—international magazine of digital dentisty vol. 6, issue 2/2025.

References

National Cybersecurity Alliance. (2022). Small Business Cybersecurity Statistics. https://staysafeonline.org
Datto, Inc. (2023). State of Ransomware Report. https://www.datto.com/resources/state-of-ransomware-report-2023