How to Protect Your Dental Practice and Patients from a Data Breach

John Bruley


Living in the digital age, we have become accustomed to sharing information freely through our phones and computers. With a few clicks of a mouse or push of a button, we can purchase, post, schedule, pay a bill, and communicate often without a thought about who might be monitoring that information—or worse, stealing it.

Cybersecurity should be a top-of-mind concern for any company or organization that handles sensitive personal, financial, or medical information, with a “not if, but when” level of expectation for potential challenges.

Data breaches are becoming commonplace. According to the Identity Theft Resource Center, there were more than 1,500 data breach incidents in 2017, exposing nearly 158 million Social Security numbers nationwide. Of those, 27% targeted the healthcare industry. 

So what can be done?  

A robust cybersecurity system and plan is no longer an option. It’s a necessity for all healthcare providers. Whether you have a million-dollar corporation or small dental practice, it’s important to invest in protecting your patients’ information, because medical information is worth a great deal to fraudulent parties.

My employer, Delta Dental of Arizona, utilizes state-of-the-art data centers, secure private connections to those centers, internal and external firewalls, and multiple internal local area network monitoring systems. We do this because it’s our corporate responsibility, and we realize that dental offices most likely do not have the bandwidth to install security systems and monitor them to the level that is required of us.  

With this in mind, we’ve taken steps to assist our network of oral healthcare professionals by working with Medix Dental to offer providers a free IT security assessment to help identify risks that may expose patient information and provide guidance as to how to resolve them. This assessment provides a no-obligation in-depth report that spells out what must be addressed. This report can be shared with the office’s IT provider, or the office can choose to have the Medix Dental team remedy these concerns directly. 

On a smaller scale, make certain that your system’s anti-virus and ransomware software is as up-to-date as possible and that your operating system’s security updates are made when prompted. Email encryption and firewalls are also low-cost protection methods to ensure that data is shared safely. 

Finally, have your IT provider create an IT crisis plan to follow if and when sensitive data may have been compromised. Whether one person’s information or 100 patients’ private data has been stolen, a plan must be in place to quickly address the issue.

Make it a point to determine who you should contact first. Then understand how you’ll alert those who were impacted. And, know how you’ll remedy the situation in advance. All of these questions should be answered and understood by the business owner and all employees on the front lines. The hope is that your crisis plan will never be required, but knowing that you have a plan in place will allow you to respond quickly and with forethought during a time of crisis.

The bottom line is that there are numerous measures that businesses of all sizes can take to minimize the chance of digital disturbances, so recognize the importance and then make the investment to protect your patients and your practice by protecting all online sensitive information.

Identity theft is serious business, and the cost of protecting your data is pennies compared to the cost of managing a breach after the fact. By doing your part in advance, you can minimize the chance of a data breach and provide your team and patients with the confidence that you’ve done what you can to protect them and your practice.

Mr. Bruley is the director of information technology for Delta Dental of Arizona. With nearly 20 years of experience as an IT professional, his career focus has included introducing and integrating new technologies into businesses, capacity/cost projections, disaster recovery, and delivering high return on technology investments. He holds Microsoft Certified Systems Engineer (MCSE), Information Technology Infrastructure Library, and Cisco Certified Network Associate (CCNA) certifications and graduated with a BS in communications from the University of Wyoming. He can be reached at

Related Articles

Don’t Let Data Breaches Imperil Your HIPAA Liability

Four Ways Your Competition Values Security More Than You Do

What Does California’s Privacy Law Mean for Dentists?