Urgent Cybersecurity Alert: Hackers Targeting Dental Practitioners With Phishing Scams, FBI Warns

May 21, 2024
A computer screen shows the word security and a mouse pointer

Because they possess a treasure trove of personal, financial, and health information about hundreds or thousands of patients, physicians, dentists, and other healthcare practices and facilities are the frequent targets of hackers and cyberattacks. That threat has not diminished, and in a May 6, 2024 notice to the American Dental Association (ADA) and the American Association of Oral and Maxillofacial Surgeons (AAOMS), the Federal Bureau of Investigation (FBI) warned of a credible, active cybersecurity threat to the practices of oral and maxillofacial surgeons. While this current threat is focused on oral and maxillofacial surgeons, the FBI has expressed concern that the practices of general dentists and other specialists could also eventually be targeted.

 

According to the ADA, the FBI suspects that the group behind the cyberattacks may be shifting tactics to oral and maxillofacial surgery practices after targeting plastic surgeons last year. Accordingly, all dental practices and practitioners need to be on high alert against such attacks, which focus on “social engineering scams” — such as phishing (email), SMSishing (through text or instant messaging apps), and vishing (using phone calls and voicemail) — to gain access to sensitive personal data such as electronic protected health information.

 

In particular, the FBI warns of “spear phishing,” which refers to a phishing email that appears to be from a trusted contact. Through these scams, the FBI says, “threat actors try to convince people to reveal sensitive information, or to click on a link, open an attachment or visit a website that causes malware to be deployed. This malware can lead to ransomware, which blocks system and/or file access until money is paid.”

 

The FBI provided an example of such a scam:

 

A threat actor poses as a new patient or says they want to become a patient at the practice to obtain new patient forms online. Once the forms are received, the threat actor will then contact the practice to report they are having trouble submitting them online and ask if they can scan the forms and email them instead. The threat actor then emails the “forms” as an attachment. When the attachment is opened, malware is deployed through a phishing scheme.

 

The FBI requests dental practices that experience any fraudulent or suspicious activities to report them to the FBI Internet Crime Complaint Center at ic3.gov.

 

Precautions Dental Practices Can Take To Protect Against Phishing and Other Cyberattacks

 

The Cybersecurity & Infrastructure Security Agency (CISA) recommends four vital ways to protect your practice from cyberthreats:

 

Teach your team to recognize and avoid phishing

Require strong passwords

Require multi-factor authentication

Update all business software

 

Additionally, practices should have policies and protocols in place to immediately respond to and remediate any data breaches that result from a phishing scam or other cyberattack.

 

The following resources are also available to support dental professionals:

 

CISA.gov toolkit aids healthcare practices in building cybersecurity foundations and implementing more advanced, complex tools to stay secure and ahead of current threats.

The U.S. Department of Health and Human Services’ Knowledge on Demand resource offers five free cybersecurity trainings that align with the top five threats named in HHS’ Health Industry Cybersecurity Practices. HHS also provides information on how the HIPAA security rule can help defend against cyberattacks.

The Office of the National Coordinator for Health Information Technology’s Security Risk Assessment Tool, a resource designed to help medium and small providers conduct a security risk assessment as required by the Health Insurance Portability and Accountability Act.

The U.S. Department of Health and Human Services Office of Information Security and Health Sector Cybersecurity Coordination Center’s “Artificial Intelligence, Cybersecurity and the Health Sector” guide shares how healthcare entities help protect against AI-enhanced cyberthreats.

Additional resources can be found at ADA.org/riskmanagement

 

Call Grogan, Hesse & Uditsky Today

 

At Grogan, Hesse & Uditsky, P.C., we focus a substantial part of our practice on providing exceptional legal services for dentists and dental practices, as well as orthodontists, periodontists, endodontists, pediatric dentists, and oral surgeons. We bring unique insights and deep commitment to protecting the interests of dental professionals and their practices and welcome the opportunity to work with you.

 

If you have questions or concerns about your practice’s compliance with HIPAA, please call us at (630) 833-5533 or contact us online to arrange for your free initial consultation.

 

Jordan Uditsky, an accomplished businessman and seasoned attorney, combines his experience as a legal counselor and successful entrepreneur to advise dentists and other business owners in the Chicago area. Jordan grew up in a dental family, with his father, grandfather, and sister each owning their own dental practices, and this blend of legal, business, and personal experience provides Jordan with unique insight into his clients’ needs, concerns, and goals. 

Speak to an Attorney

Related Posts

Why a Phase I Environmental Assessment Is Critical When Buying a Property for Your Dental Practice

By Jordan Uditsky March 4, 2026
What Lies Beneath

Business Succession Planning For Dental Practice Owners

By Jordan Uditsky February 25, 2026
Why TODAY Is The Time To Prepare Your Practice – and Yourself - For an Uncertain Tomorrow

Bogus ADA Claims Regarding Dental Practice Websites Are Rampant

By Jordan Uditsky February 4, 2026
Bogus ADA Claims Regarding Dental Practice Websites Are Rampant. Your Lawyer Can Help You Tell the Difference Between a Real Problem and a Real Shakedown. Over 25 years have passed since the Americans with Disabilities Act (ADA) quite literally reshaped the landscape for people with disabilities. From building entrances to parking lots to restrooms to elevators, from hiring and employment opportunities to restaurants, stores, and websites, disabled Americans have far greater access to the same facilities, services, and opportunities as everyone else. Harassment at Best, Extortion at Worst For all the good it has accomplished, however, the ADA has also been abused by opportunistic individuals and attorneys who have used the law in bad faith to shake down small businesses, including dental practices, for alleged violations that have not actually caused any harm or infringed upon any rights afforded by the act. These self-appointed ADA compliance "testers" have filed thousands of nuisance ADA suits that have cost American businesses millions of dollars. According to one analysis, ADA lawsuits have increased by 320% since 2013, with over 4,000 suits filed in 2024 alone. Many plaintiff's law firms file hundreds of cookie-cutter ADA lawsuits each year. One person can visit multiple businesses or websites in a single day solely to identify even the slightest accessibility transgressions in order to generate claims. While these suits can focus on any number of alleged ADA shortcomings, those relating to website accessibility (discussed in detail in this earlier post ) filed by a handful of law firms and serial plaintiffs have earned the scorn of small businesses and practices across the country. That's because these "testers" and the lawyers who represent them specifically target small businesses, as they typically have limited means to defend themselves, may not be able to discern between legitimate and bogus claims, and often see a quick payoff as the path of least resistance. Here’s how the shakedown typically goes down: A plaintiff or their attorney sends the practice a demand letter in which they claim that the practice’s website is inaccessible to people with disabilities (e.g., missing image alt text, inaccessible forms, incompatible with screen readers). They cite a violation of Title III of the ADA. They make a demand for a cash settlement, often ranging from $2,500 to $25,000, alongside a request for accessibility fixes. The business/practice cuts a check in exchange for a release of any ADA claims by that plaintiff related to the website. The business/practice may then receive more demand letters, often from the same firm, on behalf of other plaintiffs who make the same claim, and the extortion continues. Don’t Act Impulsively – Do This Instead All this is not to say that dental practice owners should consider all such claims and demands to be frivolous or ignore their ADA obligations relating to their website. To be sure, a meritorious ADA lawsuit can indeed expose a practice to significant financial and reputational damage. Before reflexively giving in to an ADA demand letter and settling a supposed claim, practice owners should take the following steps: · Don't Panic, But Don't Ignore It. As noted, a demand letter with legalese and ominous language doesn’t mean that you’ve done anything wrong or actually violated the law. While your immediate reaction may include fear, confusion, or anger, don’t act impulsively. By the same token, don’t assume it is a bogus threat; crumble up the letter and throw it in the recycling. Deadlines in these letters are real, and failing to respond appropriately to a viable claim could lead to litigation. · Contact Your Attorney Immediately. This is not a DIY situation. Before responding to the letter or contacting the sender, consult with an attorney experienced in ADA compliance and website accessibility issues. Your lawyer can evaluate the demand letter or complaint, the validity of the claim, and the law firm behind it before formulating an appropriate response. Testers send many cookie-cutter letters that may contain boilerplate allegations of deficiencies that do not actually exist. · Evaluate Your Actual Compliance. Work with your attorney and website accessibility experts to have your website assessed against the Web Content Accessibility Guidelines (WCAG) , which courts often reference in ADA website cases. Understanding your site's actual accessibility helps inform whether settlement, remediation, or another approach makes sense and whether you need to take additional steps to avoid future claims. Keep in mind that this isn't just about legal compliance—it's good business. An accessible website serves all patients better and demonstrates your commitment to inclusivity. If you have questions about your business's ADA obligations and how to protect it from accessibility complaints, please call Grogan, Hesse & Uditsky at (630) 833-5533 or contact us online to arrange for your free initial consultation. At Grogan Hesse & Uditsky, P.C., we focus a substantial part of our practice on providing exceptional legal services for dentists and dental practices, as well as orthodontists, periodontists, endodontists, pediatric dentists, and oral surgeons. We bring unique insights and deep commitment to protecting the interests of dental professionals and their practices and welcome the opportunity to work with you. Jordan Uditsky, an accomplished businessman and seasoned attorney, combines his experience as a legal counselor and successful entrepreneur to advise dentists and other business owners in the Chicago area. Jordan grew up in a dental family, with his father, grandfather, and sister each owning their own dental practices. This blend of legal, business, and personal experience provides Jordan with unique insight into his clients’ needs, concerns, and goals.
Show More

Why a Phase I Environmental Assessment Is Critical When Buying a Property for Your Dental Practice

By Jordan Uditsky March 4, 2026
What Lies Beneath

Business Succession Planning For Dental Practice Owners

By Jordan Uditsky February 25, 2026
Why TODAY Is The Time To Prepare Your Practice – and Yourself - For an Uncertain Tomorrow

Bogus ADA Claims Regarding Dental Practice Websites Are Rampant

By Jordan Uditsky February 4, 2026
Bogus ADA Claims Regarding Dental Practice Websites Are Rampant. Your Lawyer Can Help You Tell the Difference Between a Real Problem and a Real Shakedown. Over 25 years have passed since the Americans with Disabilities Act (ADA) quite literally reshaped the landscape for people with disabilities. From building entrances to parking lots to restrooms to elevators, from hiring and employment opportunities to restaurants, stores, and websites, disabled Americans have far greater access to the same facilities, services, and opportunities as everyone else. Harassment at Best, Extortion at Worst For all the good it has accomplished, however, the ADA has also been abused by opportunistic individuals and attorneys who have used the law in bad faith to shake down small businesses, including dental practices, for alleged violations that have not actually caused any harm or infringed upon any rights afforded by the act. These self-appointed ADA compliance "testers" have filed thousands of nuisance ADA suits that have cost American businesses millions of dollars. According to one analysis, ADA lawsuits have increased by 320% since 2013, with over 4,000 suits filed in 2024 alone. Many plaintiff's law firms file hundreds of cookie-cutter ADA lawsuits each year. One person can visit multiple businesses or websites in a single day solely to identify even the slightest accessibility transgressions in order to generate claims. While these suits can focus on any number of alleged ADA shortcomings, those relating to website accessibility (discussed in detail in this earlier post ) filed by a handful of law firms and serial plaintiffs have earned the scorn of small businesses and practices across the country. That's because these "testers" and the lawyers who represent them specifically target small businesses, as they typically have limited means to defend themselves, may not be able to discern between legitimate and bogus claims, and often see a quick payoff as the path of least resistance. Here’s how the shakedown typically goes down: A plaintiff or their attorney sends the practice a demand letter in which they claim that the practice’s website is inaccessible to people with disabilities (e.g., missing image alt text, inaccessible forms, incompatible with screen readers). They cite a violation of Title III of the ADA. They make a demand for a cash settlement, often ranging from $2,500 to $25,000, alongside a request for accessibility fixes. The business/practice cuts a check in exchange for a release of any ADA claims by that plaintiff related to the website. The business/practice may then receive more demand letters, often from the same firm, on behalf of other plaintiffs who make the same claim, and the extortion continues. Don’t Act Impulsively – Do This Instead All this is not to say that dental practice owners should consider all such claims and demands to be frivolous or ignore their ADA obligations relating to their website. To be sure, a meritorious ADA lawsuit can indeed expose a practice to significant financial and reputational damage. Before reflexively giving in to an ADA demand letter and settling a supposed claim, practice owners should take the following steps: · Don't Panic, But Don't Ignore It. As noted, a demand letter with legalese and ominous language doesn’t mean that you’ve done anything wrong or actually violated the law. While your immediate reaction may include fear, confusion, or anger, don’t act impulsively. By the same token, don’t assume it is a bogus threat; crumble up the letter and throw it in the recycling. Deadlines in these letters are real, and failing to respond appropriately to a viable claim could lead to litigation. · Contact Your Attorney Immediately. This is not a DIY situation. Before responding to the letter or contacting the sender, consult with an attorney experienced in ADA compliance and website accessibility issues. Your lawyer can evaluate the demand letter or complaint, the validity of the claim, and the law firm behind it before formulating an appropriate response. Testers send many cookie-cutter letters that may contain boilerplate allegations of deficiencies that do not actually exist. · Evaluate Your Actual Compliance. Work with your attorney and website accessibility experts to have your website assessed against the Web Content Accessibility Guidelines (WCAG) , which courts often reference in ADA website cases. Understanding your site's actual accessibility helps inform whether settlement, remediation, or another approach makes sense and whether you need to take additional steps to avoid future claims. Keep in mind that this isn't just about legal compliance—it's good business. An accessible website serves all patients better and demonstrates your commitment to inclusivity. If you have questions about your business's ADA obligations and how to protect it from accessibility complaints, please call Grogan, Hesse & Uditsky at (630) 833-5533 or contact us online to arrange for your free initial consultation. At Grogan Hesse & Uditsky, P.C., we focus a substantial part of our practice on providing exceptional legal services for dentists and dental practices, as well as orthodontists, periodontists, endodontists, pediatric dentists, and oral surgeons. We bring unique insights and deep commitment to protecting the interests of dental professionals and their practices and welcome the opportunity to work with you. Jordan Uditsky, an accomplished businessman and seasoned attorney, combines his experience as a legal counselor and successful entrepreneur to advise dentists and other business owners in the Chicago area. Jordan grew up in a dental family, with his father, grandfather, and sister each owning their own dental practices. This blend of legal, business, and personal experience provides Jordan with unique insight into his clients’ needs, concerns, and goals.
Show More