The Molar Report

Ransomware Is Coming for Your Dental Practice: What the 2025 Breach Wave Means for You

Healthcare ransomware attacks surged 58% in 2025. Here's what dental practices need to know and exactly what to do about it.

cybersecurity, hipaa, practice-management


The Problem Is Worse Than You Think

Let's skip the part where we ease you into this. Healthcare ransomware attacks surged 58% in 2025, totaling 636 attacks on the sector. Q4 alone saw a 50% spike. Over 16.5 million patient records were exposed. And dental practices aren't some peripheral target — they're increasingly the preferred one.

Why? Because most dental offices run on thin IT budgets, outdated backup strategies, and the assumption that hackers go after hospitals, not a four-operatory practice in suburban Wisconsin. That assumption is wrong, and it's costing practices millions.

Real Practices, Real Damage

This isn't abstract. Here's what happened to practices just like yours:

Absolute Dental (Nevada, Feb 2025): 1.2 million patients exposed across 50+ locations. The attackers didn't even breach Absolute directly — they went through their managed IT vendor. If you're outsourcing your IT and assuming that means you're covered, this should keep you up at night.

First Choice Dental (Wisconsin, Oct 2023): Initially thought only 1,000 patients were affected. The real number? 159,000. They settled the resulting class action for $1.225 million. That's the kind of math that closes practices.

True Dental Care (Pennsylvania, Feb 2025): 17,640 patients affected. They didn't pay the ransom. They restored from backups. That's the right call — and it only works if your backups actually exist and actually work.

Westend Dental (Indiana): Paid a $350,000 settlement not because of the breach itself, but because they delayed telling patients about it. The cover-up — or in this case, the slow-walk — costs more than the crime.

And in January 2026 alone, both 360 Dental PC in Pennsylvania (11,273 patients) and Pecan Tree Dental in Texas (13,300 patients) disclosed breaches. This isn't slowing down.

The Ransom Math Has Changed — But It's Still Brutal

Here's the one piece of good news buried in the data: average ransom demands dropped to $615,000, down 84% from 2024's staggering $3.9 million average. The ransomware groups — Qilin, INC, SafePay, Sinobi, Medusa — figured out that smaller demands get paid faster.

But let's be honest: $615K is a meaningless average for a dental practice. The real threat is the $50K–$150K demand that lands on a practice doing $1.5M in annual revenue. That's not a rounding error. That's payroll for a quarter. And that's before you factor in downtime, patient notification costs, potential lawsuits, and the HIPAA fines.

The Laptop Problem Nobody Talks About

Ransomware gets the headlines, but here's a stat that should bother you: 62% of dental data breaches since 2010 came from device theft or loss. A stolen laptop. A phone left at a restaurant. An external hard drive that walked out of the office.

The average cost per lost laptop? $49,246. But here's the thing — if that laptop was encrypted, HIPAA's "Safe Harbor" provision kicks in. An encrypted device that gets stolen is not a reportable breach. Full stop. That one setting — full disk encryption — is the difference between a non-event and a five-figure disaster.

If every laptop and portable device in your practice isn't encrypted right now, stop reading this article and go fix that first. Seriously.

What You Should Actually Do

We review dental software for a living. We don't sell cybersecurity products. So here's our unvarnished take on what actually matters:

1. Encrypt Everything Portable

Full disk encryption on every laptop, tablet, and external drive. BitLocker on Windows, FileVault on Mac. This is free and takes 30 minutes. There is no excuse.

2. Fix Your Backups (For Real This Time)

True Dental Care survived their attack because they had working backups. "Working" means: automated, tested regularly, stored offsite or in the cloud, and not connected to your main network. If your backup drive sits plugged into your server 24/7, ransomware will encrypt it right alongside everything else.

The 3-2-1 rule: three copies of your data, on two different media types, with one stored offsite. If you can't describe your backup setup in those terms, it's not good enough.
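To make "describe your backup setup in those terms" concrete, here is an added example (not from any backup product) that checks a written inventory against 3-2-1 and against the "working" criteria above. The inventory, its field names, and the 90-day restore-test window are all assumptions chosen for illustration.

```python
from datetime import date

# Constructed inventory for a hypothetical practice; field names are assumptions.
# The live data on the server counts as the first of the three copies.
COPIES = [
    {"name": "server volume", "media": "disk", "offsite": False,
     "always_connected": True, "last_restore_test": None},
    {"name": "USB drive on server", "media": "disk", "offsite": False,
     "always_connected": True, "last_restore_test": date(2025, 3, 1)},
    {"name": "cloud backup", "media": "cloud", "offsite": True,
     "always_connected": False, "last_restore_test": date(2025, 11, 20)},
]

def audit(copies, today, max_test_age_days=90):
    """Return the list of failed checks; an empty list means the setup passes."""
    problems = []
    if len(copies) < 3:
        problems.append("fewer than three copies")
    if len({c["media"] for c in copies}) < 2:
        problems.append("fewer than two media types")
    if not any(c["offsite"] for c in copies):
        problems.append("no offsite copy")
    # A copy that is always attached gets encrypted along with the server,
    # so only isolated copies count as recoverable after ransomware.
    isolated = [c for c in copies if not c["always_connected"]]
    if not isolated:
        problems.append("no copy is isolated from the main network")
    # At least one isolated copy must have a recent, successful restore test.
    tested = [c for c in isolated if c["last_restore_test"]
              and (today - c["last_restore_test"]).days <= max_test_age_days]
    if isolated and not tested:
        problems.append("no isolated copy has a recent restore test")
    return problems

if __name__ == "__main__":
    print(audit(COPIES, date(2025, 12, 1)) or "passes")
```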

3. Vet Your IT Vendor Like You'd Vet a Dentist

Absolute Dental's breach came through their managed IT provider. Your IT vendor is only as secure as their weakest client — and their weakest employee. Ask them: Do you use multi-factor authentication internally? How do you segment client environments? When was your last penetration test? If they can't answer clearly, find someone who can.

4. Turn On Multi-Factor Authentication Everywhere

Every system that touches patient data needs MFA. Your practice management software. Your email. Your cloud storage. Your Supabase or server admin panels. If it has a login, it needs a second factor. This blocks the vast majority of credential-based attacks.

5. Have a Breach Response Plan — Written Down

Westend Dental's $350K fine wasn't for getting breached. It was for dragging their feet on notification. You need a written plan that answers: Who do we call first? How do we notify patients? What's our legal obligation under state and federal law? How do we communicate publicly? Rehearse it once a year. When the worst happens, panic is not a strategy.

6. Train Your Team (Yes, Again)

Phishing is still the number-one entry point. Your front desk staff, your hygienists, your associate dentists — they all need to know what a phishing email looks like. Quarterly training, not annual. Make it short, make it specific to dental, and make it mandatory.

The Market Is Responding

The cybersecurity industry has noticed dental's vulnerability. CISO Global partnered with TeleDental to launch CyberSimple, a dental-specific cybersecurity platform that includes up to $1.5 million in financial protection. We haven't reviewed it yet, but the fact that dental-specific solutions are emerging tells you something about the size of the problem.

We expect more vendors to enter this space in 2026. When they do, we'll review them the same way we review practice management software — rigorously, with your interests in mind.

The Bottom Line

You can't afford to treat cybersecurity as someone else's problem. The breach wave of 2025 proved that dental practices are targets — not collateral damage, but targets. The groups behind these attacks know that dental offices have valuable data, thin defenses, and limited ability to absorb financial hits.

The good news is that the fundamentals — encryption, backups, MFA, training, and a response plan — are neither expensive nor complicated. They just require you to actually do them.

Don't be the practice that finds out the hard way.

