What Would You Do If a Ransomware Attack Hit Your Practice Tomorrow? by Robert Niles

Protect Your Practice

A Step-by-Step Guide to Building a Cybersecurity Response Plan That Protects Your Dental Practice from Costly Downtime and Data Loss


by Robert Niles


Samantha arrived at the dental practice early, as she always did. She brewed the coffee in the break room, turned on the lights, the machines, and finally her computer monitor, only to be faced with the following chilling message:
"Oops! Your files have been encrypted. Many of your documents, photos, videos, databases, and other files are no longer accessible. Don’t waste time looking for a solution. Only our decryption service can recover your files. Send $300,000 worth of Bitcoin to this address within 72 hours, or your data is gone forever and we will share your practice information with others."

Shocked, she tried another computer. Same message. Then another. Desperation mounting, she even rebooted the server. The ransomware message popped up again.
Panic had fully set in by the time the rest of the dental team arrived. The doctor was at a loss. Questions flew: "Has anyone called IT?" "What kind of ransomware is this?" "How did they get in?" "Can we still see patients today?" "What do we do?"

No one had answers. No one had a plan. Chaos reigned.

In a different dental practice in a different town, the same cyberattack occurs:
Denise sees the same ominous ransomware message on her monitor. But instead of panicking, she retrieves the practice's Cybersecurity Incident Response Playbook. She follows its instructions: contact leadership, reach out to the IT team, and begin containment protocols. The IT team arrives, confirms the attack, begins data preservation and recovery, and activates alternative systems to keep the practice operational.

Legal counsel is consulted, regulatory authorities are notified, and the patients scheduled that day are still seen because this practice was prepared.

Both scenarios are unfortunate. But only one ends in resilience.

Your ability to respond effectively to a cyberattack can mean the difference between a single bad day and a weeks-long shutdown that costs your practice tens of thousands of dollars. Which practice would you rather be? Denise’s, of course, but to be that practice, you and your dental team need to be trained and prepared.

To build your plan, we recommend using the National Institute of Standards and Technology (NIST) Special Publication 800-61 Revision 3 as a foundation. While this guide specifically addresses computer security incidents, its principles can be adapted for broader disaster recovery planning, including natural disasters or hardware failures.

Let’s walk through the three main stages of the incident response lifecycle:

1. Preparation
Always Ready
Although NIST places this section at the end of its recommendations, in reality, preparation is your most important step. Without it, everything else becomes a scramble. The good news? It’s something you can take action on right now, so you’re ready long before anything goes wrong.
As a lifelong cybersecurity professional, I can tell you: prevention costs much less than recovery. But remember: no system is invulnerable. Your goal isn’t to eliminate risk entirely, but to reduce it to a level you can tolerate. This is a decision that every practice must make individually.


Governance: Establish an Incident Response Policy
Your written policy should define:
  • What constitutes a cybersecurity event (not every issue is a full-blown breach).
  • What events trigger an emergency response.
  • What the thresholds are for various levels of response.
Examples of incidents requiring immediate action:
  • Ransomware attacks: Malicious software that locks your files and demands payment to restore access.
  • Compromised vendor software (e.g., Microsoft, Google, Dropbox): When trusted software providers are hacked, putting your data at risk.
  • Phishing or smishing attempts: Fraudulent emails or texts designed to trick team members into giving away passwords or clicking harmful links.
  • Unauthorized network or device access: When someone gains entry to your systems without permission, often silently.
  • Breaches of third-party platforms (e.g., dental management software, email, or payment processors): Hackers exploit weaknesses in the tools you rely on, potentially exposing patient data.
  • Natural disasters: Such as earthquakes, tsunamis, tornadoes, hurricanes, fire, flooding, etc.

Roles and Responsibilities
Define your Incident Response Team (IRT) and determine who should be contacted, in what order, and what each person or team should do:
  • Leadership: The decision-makers and funders of the response.
  • Incident Handlers: IT professionals tasked with verifying and responding to the event.
  • Internal Staff: Team members with tech knowledge.
  • Outsourced IT Providers: Preferably local and skilled in cybersecurity.
  • Cybersecurity Consultants: For advanced threat containment and forensics.
  • Technology Vendors: Contact points at Microsoft, Google, Dentrix, Eaglesoft, etc.
  • Legal Counsel: To navigate reporting requirements.
  • Public Relations: To communicate clearly with patients and media.
Ensure that each role is communicated to your team; otherwise they won’t know who does what or even which instructions they should follow. Whenever new team members join your practice, make sure they know who does what in a cybersecurity emergency. Also, pay close attention to what I call “bitrot”: contact names and numbers go stale, software changes, and other changes accumulate until your plan no longer matches reality.


Build a Response Playbook
Create a printed and digital Incident Response Playbook with contact lists, flowcharts, and action steps. Make sure you keep a copy onsite and also offsite (I recommend it lives in the residence of your dental practice’s designated security/privacy officer or the office manager).
Conduct tabletop exercises at least annually. Walk through a hypothetical attack to test your plan, update it, and ensure everyone knows their role. These exercises can be revealing, and often can be an enjoyable experience for your team. Responding to an emergency is easier when the people involved have a good understanding of the process.


2. Detect, Respond, and Recover
Detect
Be vigilant. Use antivirus tools, firewall logs, and threat monitoring systems. Train your staff to recognize suspicious emails or behavior.


Prevention Reminder:
Do The Easy Stuff!
Cybersecurity doesn’t have to be complicated. Before you get fancy with firewalls and Cybersecurity Lifecycles, start with the basics. Most security breaches happen because of stuff that’s totally preventable. Knock out these five fundamentals, and you’ll be well ahead of the game:
  • Practice Password Hygiene: Use a password manager. Never reuse passwords. Ever. Your dog’s name isn’t cutting it - so make sure they’re at least nine characters long and include numbers and unique symbols.
  • Do Your Updates: Update your browsers, software and systems regularly. Those “annoying” update notifications? They’re your first line of defense.
  • Mitigate Risk: Turn off features you don’t use. If you don’t need a remote desktop, don’t have one. If you don’t need it, don’t run it.
  • Train Your Team: Phishing, spoofing, click-happy mistakes. Cybersecurity is a team sport. Make sure everyone is playing smart.
  • Back Up Your Data: Ransomware can’t hold you hostage if you’ve got clean backups ready to roll.
Respond
When an incident is confirmed:
  • Activate the response team and follow the playbook.
  • Contain the threat: Contact your IT team and let them guide you on how to contain the incident.
  • Preserve evidence for analysis.
  • Communicate clearly with staff and, if necessary, patients.

Recover
  • Restore from backups (following the 3-2-1 rule: three copies, two formats, one offsite).
  • Check integrity of restored data.
  • Validate all systems before resuming full operations.
  • Debrief the team and document all lessons learned.
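One way to make the “check integrity of restored data” step repeatable, as an added example that is not from the article: record a SHA-256 manifest of the backup set when the backup is taken (stored with the offsite copy), then compare the restored files against it before resuming operations. The file names and contents below are constructed for the demonstration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def build_manifest(root: Path) -> dict:
    """Map each file's relative path (POSIX form) to its SHA-256 digest."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            manifest[path.relative_to(root).as_posix()] = digest
    return manifest

def verify_restore(restored: Path, manifest: dict) -> dict:
    """Compare a restored tree against the manifest taken at backup time."""
    current = build_manifest(restored)
    return {
        "missing": sorted(p for p in manifest if p not in current),
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "unexpected": sorted(p for p in current if p not in manifest),
    }

def restore_is_clean(report: dict) -> bool:
    """True only when nothing is missing, altered, or unexpected."""
    return not any(report.values())

def demo() -> dict:
    """Constructed sample: a tiny backup set, then a restore with one file
    altered, one file missing, and one stray file present."""
    with tempfile.TemporaryDirectory() as d:
        tmp = Path(d)
        backup = tmp / "backup"
        (backup / "patients").mkdir(parents=True)
        (backup / "patients" / "charts.db").write_bytes(b"chart data v1")
        (backup / "schedule.csv").write_text("2025-05-01,cleaning\n")
        # Store the manifest alongside the offsite copy at backup time.
        (tmp / "manifest.json").write_text(json.dumps(build_manifest(backup)))

        restored = tmp / "restored"
        (restored / "patients").mkdir(parents=True)
        (restored / "patients" / "charts.db").write_bytes(b"chart data v1 TAMPERED")
        # schedule.csv is deliberately not restored; notes.txt was never backed up.
        (restored / "notes.txt").write_text("stray file")
        manifest = json.loads((tmp / "manifest.json").read_text())
        return verify_restore(restored, manifest)

if __name__ == "__main__":
    print(demo())
```

A non-empty report means the restore is not trustworthy yet; resolve every entry before the "validate all systems" step.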

3. Lessons Learned
After recovery, review:
  • What went well?
  • What failed?
  • What updates are needed in your plan?
Take those lessons learned and update your Incident Response Playbook. This is crucial to managing the next incident better.

Cybersecurity is not a “set it and forget it” process. Review your incident response plans annually or sooner if a major change occurs (e.g., new software or vendors).


Final Thoughts

Every dental practice is a potential target. Think of what lives in your practice management software: social security numbers, insurance data, credit card details, and complete health histories. Now imagine losing all of it in an instant. Cybercriminals know dental offices rely on real-time access to patient information to deliver care. They also know that downtime equals lost revenue, which makes dental practices more likely to pay. That’s why it’s no longer a matter of if an attack will happen to your practice, but when. You don’t need to become a cybersecurity expert overnight. But you do need a team, a plan, and the discipline to prepare.
Start now. Before you're forced to.

Want more practical cybersecurity tips? Check out Niles' “Protect Your Practice” article featured in the May issue of Dentaltown.

Author Bio
Robert Niles is the information security officer at Productive Dentist Academy and a certified information systems security professional (CISSP). He can be reached at robert@productivedentist.com.






©2025 Dentaltown, a division of Farran Media • All Rights Reserved