When new technology enters dentistry -- whether via cloud platforms, imaging systems, practice management software, or AI-driven tools -- we usually focus on the problem it solves. What rarely receives the same attention is how that product was built and whether security was part of the design from Day 1.
That question matters more than ever.
Lately, my husband Rich -- a dental practice owner -- and I have been working with students at Dartmouth College through the Cook Engineering Design Center, mentoring early-stage product ideas that may one day support dental practices.
Tasha Dickinson, MBA.
One project involved an audiovisual device designed for use in a treatment room. Rather than focusing only on encrypting stored data, we pushed the students to design a solution that could not easily be tampered with, modified, or hacked in the first place.
That experience sharpened what I now look for when evaluating any new dental technology: Secure by design means security is not added at the end. It is embedded into the architecture, workflows, and technical controls from the beginning.
Several federal agencies now endorse this approach. The U.S. Cybersecurity and Infrastructure Security Agency defines secure-by-design software as products that reduce the burden on customers to protect themselves and place responsibility on developers to deliver secure default configurations and resilient systems.
Similarly, the National Institute of Standards and Technology (NIST) emphasizes building security into every phase of the software development life cycle. In engineering practice, this approach is commonly called DevSecOps. IBM's annual Cost of a Data Breach research has repeatedly identified it as one of the most cost-effective factors in reducing the financial impact of a breach.
Most dental software is designed to solve a single operational problem. Too often, it introduces cybersecurity risk in the process -- without anyone realizing it. Because nearly every system now touches protected health information, the consequences of poor design land squarely on dental practices.
Why developers must build security into product design
Vendors serving healthcare markets carry a heightened responsibility. Dental practices operate under HIPAA, state privacy laws, and contractual obligations with insurers and business partners. When developers skip foundational security controls, they transfer risk downstream.
At a minimum, secure-by-design development should include the following:
- Secure default configurations
- Strong authentication and access controls
- Encryption of data in transit and at rest
- Audit logging and monitoring
- Formal vulnerability testing
- Regular patching mechanisms
- Clearly documented security architecture
Regulatory policy is moving in this direction. The U.S. Federal Communications Commission’s Cyber Trust Mark program is designed to help consumers identify connected devices that meet baseline cybersecurity requirements.
Dentistry does not yet have its own certification standard, but the trend is clear: Cybersecurity is becoming a design obligation, not a marketing feature. For dental technology vendors, secure by design is no longer a differentiator. It is a minimum expectation.
What dentists should ask technology vendors
One of the most concerning trends I see is how rarely dentists ask vendors meaningful security questions.
I was recently introduced to an AI product being demonstrated in one of our client practices. When I asked about the company’s security model, I was told I was only the third person who had ever asked such a question.
The founder then walked me through the platform’s architecture, controls, and compliance documentation. Based on that conversation alone, I would recommend the product again.
Here is the unsettling part: The product is already in hundreds of practices. So who is not asking these questions?
Dentists can frame the conversation this way:
- Can you provide a current SOC 2 (System and Organization Controls 2) Type II report? (SOC 2 is an independent auditor's attestation, not a certification, so ask for the report itself rather than a badge.)
- Was security built into the product from the beginning or added later?
- How are patient data encrypted in transit and at rest?
- What access controls prevent unauthorized internal or third-party access?
- Do you follow NIST or similar security frameworks?
- How often do you perform security audits or penetration testing?
- How do you handle vulnerability disclosures and software updates?
- Will you provide a HIPAA Business Associate Agreement?
If a vendor cannot provide clear answers -- or treats these questions as an inconvenience -- that is a red flag. Transparency is not optional. It is due diligence.
What practices must do when technology is not secure by design
Even with the best efforts, many practices use products that were not developed with secure-by-design principles. That does not eliminate responsibility.
HIPAA holds the covered entity -- the dental practice -- directly accountable for safeguarding patient data. A vendor's own obligations as a business associate do not relieve the practice of that duty. If a breach occurs, regulators will ask whether the practice performed due diligence, assessed vendor risk, and implemented reasonable safeguards.
The HIPAA Security Rule requires administrative, physical, and technical protections. Failing to evaluate vendor security controls can be considered a compliance failure.
At a minimum, practices should:
- Conduct formal risk assessments of all technology vendors.
- Require HIPAA Business Associate Agreements.
- Implement network segmentation and access restrictions.
- Use multifactor authentication where available.
- Maintain regular patching and software updates.
- Monitor user access logs.
- Train staff on cybersecurity awareness.
- Retain an information technology security partner to vet vendors.
If a product cannot meet modern security standards, compensating controls must be put in place. Ignoring known weaknesses does not reduce liability; it increases it.
Final thought
Secure by design is not an abstract engineering concept. It is a business safeguard.
As dentistry adopts cloud platforms, AI, and integrated digital tools, cybersecurity risks will only increase. Practices that assume vendors have “handled security” without verification are exposing their businesses and their patients.
Ask the hard questions. Demand transparency. And if you do not have the time or expertise, partner with an IT security firm that will ask those questions on your behalf. Because in modern dentistry, security is not optional. It is foundational.
Editor's note: References are available upon request.
Tasha Dickinson, MBA, dentistry’s cybersecurity guide, is the founder and chief technologist of Siligent Technologies, a trusted provider of cybersecurity and IT solutions for dental businesses. She is dedicated to helping dentists protect their data, avoid cyberattacks, and build resilient business operations. Contact Tasha at [email protected] or connect on LinkedIn.
The comments and observations expressed herein do not necessarily reflect the opinions of DrBicuspid.com, nor should they be construed as an endorsement or admonishment of any particular idea, vendor, or organization.