'Everybody likes parfaits.' Why layered cybersecurity is dentistry's new standard of care, Part 1

The title is a line borrowed from Donkey in the movie “Shrek.” Yes, parfaits are delicious, but I like them for a totally different, geeky reason: “Parfait” may be the most practical way to describe and think about an effective cybersecurity system in a dental practice today.

Because cybersecurity, at its core, is not a single solution. It’s layers. And in dentistry, those layers now carry the same weight as infection control, radiographic protocols, and clinical documentation. This isn’t an information technology (IT) issue anymore. It’s a patient safety issue.

Data is the lifeblood of a dental practice. It is what enables us to serve patients, support our teams, get paid, coordinate care, and keep the business running.

Tasha Dickinson.

Recently, I watched an explanation of secure computer architecture, and the presenter represented data as a stack of money. That image stuck with me.

If you thought about your practice data as a stack of dollars sitting on the front desk, would you leave it there for anyone to grab? Of course not. You would protect it. And depending on how much was in that stack, you would put serious thought into the type of protections you put in place.

That is the point of layered cybersecurity. Dental practices do not need “security theater,” something that looks good on the outside but provides no real substance or value.

They need practical protections that match how a modern practice actually works: team members logging in and out all day, cloud software, imaging systems, practice management systems, insurance portals, remote access, patient communication platforms, payment tools, vendors, and devices that all have to operate together securely.

Cybersecurity needs to be about humans. We can lock a computer down so tightly that nothing can get into it, but then no one can work. Dental teams need access to schedules, radiographs, charts, treatment plans, claims, payment information, and patient communication tools.

At the same time, criminals are trying to exploit the same access points that make the practice productive. The real job is not to eliminate every risk. The real job is to build a system that can absorb mistakes, detect suspicious behavior, limit damage, and recover quickly.

Why cybersecurity layering matters more than ever

The threat environment has changed. The old mental model was simple: Buy antivirus software, tell the team not to click bad links, and hope for the best. That’s no longer enough.

Verizon’s "2025 Data Breach Investigations Report" found that the human element remains involved in roughly 60% of breaches, while third-party involvement doubled from 15% to 30%.

For a dental practice, that third-party issue matters because the practice ecosystem is full of outside connections: IT providers, software vendors, imaging vendors, billing partners, cloud platforms, labs, consultants, and remote support tools.

The advent of AI adds another layer of urgency. AI can help defenders summarize alerts, automate repetitive security tasks, and spot suspicious patterns. But it also helps attackers write more convincing phishing emails, scale social engineering, search for exposed credentials, and repurpose older tactics in new ways.

Layering a security approach means that if an attacker can get by one layer, there is still another behind it. As attackers adjust their tactics, our layers need time to adjust as well.

Even if we have AI fighting to protect the data, it needs to know what to look for or how things are working. Smart programs adjust, but by layering a few tools, we can give those tools time to adjust, changing what they look for and how they look for attacks.

The other unfortunate part is working with and against our own human nature. How many times have our own people disabled tools within our environment in order to get something done quicker? We work in an environment where being helpful and getting things done is what is needed.

If we run into something that is stopping us, we usually figure out a way around it. That can include circumventing cybersecurity measures. That’s why one of the layers we need to deploy is training.

We need everyone on board so that team members see that what is installed is not a roadblock to getting their job done, but rather a tool to help them protect the data we all rely on. Layering several tools allows us to ensure all of that data is protected, wherever it resides.

Why we do what we do

Healthcare is also a target-rich environment, because electronic protected health information is valuable, operationally sensitive, and highly disruptive when systems go down.

HHS 405(d) Health Industry Cybersecurity Practices was created specifically to help healthcare organizations manage cyberthreats that can affect patient safety, and the program emphasizes practical, consensus-based safeguards for organizations of different sizes.

Dental practices may not look like hospitals, but they still create, receive, maintain, and transmit electronic protected health information. That makes cybersecurity a patient safety issue, a business continuity issue, and a compliance issue.

Moreover, the data that has been compromised is what is fueling attacks on those who are most vulnerable. The FBI noted that scams targeting individuals age 60 and older caused over $3.4 billion in losses in 2023. IC3 states victims over 60 lost more to these scams than all other age groups combined, and reportedly remortgaged/foreclosed homes, emptied retirement accounts, and borrowed from family and friends to cover losses in these scams.

What’s more, almost 100 elderly victims reportedly lost over $1 million to these scams, while the majority lost between $1,000 and $10,000. Adding very specific healthcare data to existing data is making this fraud even more effective and is actively fueling these crimes.

HHS HC3 has warned all individuals and businesses, specifically in the health sector, about advanced social engineering, including attacks that pretend to be IT help desks and trick users into taking actions that appear routine.

In a dental practice, that could look like a fake password reset, a fake software update, a fake vendor support request, or a fraudulent message that appears to come from the dentist, office manager, or IT provider. These attacks are as dangerous for your business as they are for those you are obligated to protect under the Hippocratic oath, which includes respecting patient privacy and safeguarding their medical information.

Closing thoughts

The answer to cybersecurity is not fear. The answer is more sophisticated cybersecurity architecture. A layered security model assumes that someone will eventually click, reuse a password, misconfigure a device, approve a suspicious login, or trust the wrong message. Each cybersecurity layer exists because another layer may fail.

Next month, I’ll explain how to implement a layered cybersecurity system in your dental practice so you will be better prepared for human error and other scenarios.

Editor's note: References available upon request.

Author's note: The topic “Everybody Likes a Parfait. Why Layered Cybersecurity Is Dentistry’s New Standard of Care” is available as a lecture or webinar as part of a continuing education program focused on reducing real-world cybersecurity risk.

Tasha Dickinson, MBA, dentistry’s cybersecurity guide, is the founder and chief technologist of Siligent Technologies, a trusted provider of cybersecurity and IT solutions for dental businesses. She is dedicated to helping dentists protect their data, avoid cyberattacks, and build resilient business operations. Contact Tasha at [email protected] or connect on LinkedIn.

The comments and observations expressed herein do not necessarily reflect the opinions of DrBicuspid.com, nor should they be construed as an endorsement or admonishment of any particular idea, vendor, or organization.
