Cybersecurity for Dental Practices

Practical Tips for Reducing Cyber Risk

Small businesses are experiencing a surge of cyberattacks.

Almost half of all cyberattacks in 2023 have targeted small businesses—and health care is the industry most at risk.


Because cyber threat actors understand that small health care businesses—like dental practices—may not have robust cybersecurity controls or training, despite the amount of confidential data they store.

Though cyberattacks are both frequent and inevitable, you can reduce risk to your practice by implementing even a few key cybersecurity controls.

Check out the following tips and tools to get started and visit this page often for updated content.

Errin Coburn
Director of Cyber Risk | Delta Dental of Washington.

Please note: The content of this page, including any training modules, is meant to provide general information about cybersecurity best practices. It is based on general industry standards and is not tailor-made to fit any one situation. It does not replace professional cybersecurity services. If you have specific questions, please contact an information technology professional.

5 Tips That Could Keep Your Business Cyber Safe

Multi-Factor Authentication combines and leverages “something you know” (like your login credentials) and “something you have” (like your smartphone or email account).

MFA increases security because even if one of your credentials has been compromised, unauthorized users likely won't be able to meet the second step, which will block their attempted access to the targeted computing device, network, or database.

To learn more about MFA and how to enable it on some of the more popular tools, check out these resources:

Updates can install new features, protect data, improve performance, and ensure compatibility. Many software vendors today even allow you to enable automatic updates.

The two most important reasons to stay on top of software updates? Patching security flaws and protecting your data, which you can learn more about here:

From checking your email to online banking to simply accessing your devices and systems, passwords are a part of daily living. While it can feel tempting to use a short or catchy password to help you keep track, a lack of password complexity or repeating passwords can also pose serious risks to your security.

To protect yourself and your information, use passwords that are long, strong, and difficult for someone else to guess—while still relatively easy for you to remember.

  • Password Length
    The longer a password is, the harder it is to crack. Many security professionals recommend 16 unrepeated characters.

  • Uniqueness
    For stronger cybersecurity, every one of your accounts should have a unique password. Though it may feel like you’re saving time or effort by using the same password for multiple accounts, doing so can increase your risk.

    For example, if your credentials get stolen in a data breach, an unauthorized user could gain access to any accounts where you’ve used those same credentials.

  • Passphrase
    With all the requirements needed to make your passwords strong, creating passphrases can help you create and keep track of your unique passwords. A passphrase is an easy phrase for you to remember, but hard for others to guess (such as an uncommon song lyric). When creating a passphrase, avoid commonly used phrases (like ‘letmein!’) or personal information (like the name of your pet). Here's an example of a strong passphrase: F1sh1ngWithMyS0n

  • Changing Passwords
    While tedious, occasionally updating passwords is a strong security practice, especially if you fear an account has been compromised or if you notice unusual activity.

  • Password Managers
    A password manager can generate, save, and sync passwords across multiple devices. It's a handy application that removes the hassle of having to remember all of your long credentials and prevents bad habits like writing passwords down or storing them in unsecure documents. Google "password managers" to learn more.

Routine cybersecurity awareness training can help prevent the loss of Personal Identifiable Information (PII), intellectual property, money, or brand reputation. An effective awareness training program may help address the common cybersecurity mistakes employees may unknowingly make on the web, through email or text, and in the physical world, such as document disposal or being tailgated. To learn more about cybersecurity awareness training, check out these resources from the Cybersecurity & Infrastructure Security Agency.

A cyber insurance policy helps an organization pay for any financial losses they may incur in the event of a cyberattack or data breach. It also helps them cover any costs related to the remediation process, such as paying for the investigation, crisis communication, legal services, and refunds to customers.