Breach Prevention in Dentistry: Essential Know-how for Dental Hygienists

by Anne Genge, Certified Information Privacy Professional, Certified Healthcare Cybersecurity Professional, Certified Healthcare Security Risk Assessment Specialist


Today’s digital age has revolutionized dentistry as we know it, enabling streamlined processes from appointment booking to patient communication. The transformation, however, has also made the dental industry a target for cyber threats.

As in dentistry, prevention is key in the world of cybersecurity. Dental hygienists need to be savvy about data security to ensure the privacy and integrity of patient data. Some essential areas hygienists must be aware of include patient communication, remote access to scheduling systems, password and email security, email phishing scams, use of personal devices, and emerging AI technologies.

In my 20+ years as a dental educator, I have found hygienists to be the best students. They take information privacy and security very seriously. It comes as no surprise that one of the core principles in the CDHA Code of Ethics is “Confidentiality,” which includes modern online practices.

“Dental hygienists promote practices, policies and information systems designed to respect and protect clients’ privacy and confidentiality. Respect the potential of compromising confidentiality when connecting with clients through social networks or other electronic media.”1

Let’s consider each area in more detail.

Patient Communication

Texts and emails are now a standard form of communication in dentistry, making appointment scheduling and updates convenient. However, this medium is susceptible to cyber threats. As such, hygienists must understand the importance of secure communication channels.

An excellent first step is the implementation of a policy which recommends sending only necessary, non-sensitive information via text or email. Additionally, the practice should also have signed patient consent forms by those who wish to communicate via unsecured, unencrypted channels. Patient-specific data like health history or payment information should not be shared over insecure channels.

Encryption is a critical layer of protection and the current gold standard for email use. Encrypting emails converts the contents into unreadable text, which can only be decrypted by the intended recipient. There are numerous encryption tools available that integrate seamlessly with standard email providers. The Canadian Dental Association provides a tool called “Secure Send” 2 for all CDA members, which dental practice owners can investigate. Additionally, secure texting platforms should be incorporated to ensure the secure transmission of sensitive information.

Remote Access to Schedules

Remote access to appointment schedules can significantly improve the efficiency of a dental practice. However, such access could also introduce potential vectors for cyber-attacks.

An important tool dental hygienists should be educated on is using Virtual Private Networks (VPNs), which establish secure, encrypted connections. This makes it safer to access the scheduling system remotely.

Password and Email Security

To prevent unauthorized access to the practice management software and other applications, a robust password policy should be mandated, including regular updating of the passwords and the use of complex password combinations. Two-factor authentication (2FA) is another important protective measure. 2FA requires the user to prove their identity in two distinct ways before being granted access, which reduces the risk of compromise. For example, you need to input your password and a code texted to your phone.


Phishing is a form of cybercrime where scammers attempt to deceive individuals into revealing sensitive information, such as passwords, credit card details, or social security numbers. These fraudulent activities commonly occur through emails, text messages, or fake websites that impersonate legitimate organizations or individuals. Dental hygienists need to be aware of phishing scams because they often handle confidential patient data and have access to sensitive financial information. By being knowledgeable about phishing techniques, hygienists can better safeguard themselves and their patients’ information, ensuring privacy and preventing potential security breaches that may lead to identity theft or financial loss.

Personal Devices

One of the significant challenges beyond these measures is controlling patient information captured via smartphone cameras. While seemingly low risk, patient information stored on any device must be secured and monitored to comply with most privacy laws. This is rarely taken into consideration. The same expectations apply to practice email accessed through a personal device.

Artificial Intelligence

Artificial Intelligence (AI) is a rapidly evolving technology, providing significant advancements in dental practice management and patient care. However, as AI technology becomes more prevalent, so do the associated cyber risks.

With AI-powered chatbots and automated scheduling systems, an increased volume of data is at risk. Additionally, it may be tempting to use AI systems to create patient reports or communications, but most apps, like ChatGPT, are not secure-compliant platforms. Therefore, patient information should never be inputted into them or any integrated applications until they are privacy compliant. Dental hygienists must understand how these systems manage and protect patient data.

Understanding the dynamic cybersecurity landscape is crucial as the dental industry continues to digitize. Equipping dental hygienists with knowledge about secure communication, safe remote access, password and email security, the use of personal devices and the implications of AI on data security will significantly contribute to breach prevention in the modern dental practice.

Data security is a shared responsibility in the dental office. Dental hygienists, being at the forefront of patient care and communication, play a pivotal role in safeguarding patient data. Keeping abreast of current trends in cybersecurity and having an active role in maintaining the practice’s security measures is no longer optional – it’s a necessity. Cyber threats may evolve, but the hygiene profession can help protect patients’ trust in their care. It’s about securing smiles in every sense of the word.


  1. Canadian Dental Hygienists Association Code of Ethics
  2. Canadian Dental Association Secure Send –

About the Author

Anne is the founder of Myla Training Co., Canada’s first-ever online privacy and cybersecurity training platform for dental professionals. With over two decades of experience, Anne has become a leading expert and trainer in this field. Anne collaborates closely with practice owners, managers, dental teams, and IT providers to ensure the safety of patients and practice data while enabling compliance with privacy regulations. Anne can be reached at or call 877-363-9229 x702