Ring in the New Year with a Cybersecurity Reset: 10 Trends to Watch in 2025

There is some good news to report from the cyber world: 2024 is almost over. This year was a challenging one for the dental community. We witnessed crippling cyberattacks successfully launched against supply chain companies, a record number of DSO organizations, and too many private practice providers to count. We also saw a devastating attack that successfully targeted one of the largest health payment processing companies in the world. We’ve made it through in one piece—but not without some battle scars and hopefully some lessons learned about why implementing more effective security measures is no longer just optional.

As we near the start of 2025, the cybersecurity landscape is set to undergo significant transformations driven by advancements in AI, ever-evolving threats from sophisticated hacking organizations, and—most likely—changed regulatory environments. Here are 10 trends we will likely see in the coming new year:

1. AI & Machine Learning in Security Systems

Artificial intelligence will become more deeply integrated into security systems, offering better real-time threat detection, abnormal network behavior, and more automated response mechanisms. However, the same technology will be utilized by cybercriminals to create more sophisticated attacks.

2. Ransomware Evolution

Ransomware will continue to evolve with the aid of AI technology for more rapid network penetration. IT teams will struggle to keep up with remediation efforts to fix known technical vulnerabilities that criminals exploit to gain network access and lateral network maneuverability.

3. Advanced Spear-Phishing Techniques

Spear-Phishing techniques will become more personalized. Cybercriminals will be relying more heavily on AI programs to generate more convincing emails, phone calls, and text messages to trick their targets into giving them access to privileged data. We should also expect to see an increase in hackers leveraging technologies like QR codes for malicious purposes.

4. Focus on Remote Staff and 3^rd Party Support Staff

As organizations work to create “Security Aware” environments internally, remote workers and 3^rd party support organizations will be targeted more heavily by criminal hacking groups. Training, VPN use, MFA, and endpoint security should be mandatory for all workers who have remote access into the organization’s network.

5. An Increase in Regulatory Compliance

New laws related to cybersecurity and enforcement of existing ones are likely to happen in 2025. This increase in regulatory compliance will force all healthcare providers to rethink their compliance strategies, particularly regarding data handling and breach notification.

6. Cyber Insurance Expansion

The market for cyber insurance will grow as organizations look to mitigate financial risks associated with data breaches and cyber incidents. Insurance companies will require that organizations implement more effective and more modern preventative measures and tools before offering or renewing cyber coverage.

7. Cloud Security Enhancements

Cloud security will become more complex as organizations shift more operations to the cloud. These enhancements will include better management of configurations and constant monitoring. This change should not be viewed as a deterrent to orgs who are planning a migration to the cloud. Cloud-based organizations are still generally “safer” than those who have on-premises servers, but as more organizations migrate to the cloud, its growing popularity makes it more attractive to cyber criminals. (This same prediction applies to MAC-based orgs as well)

8. Threat-Intelligence Sharing

The sharing of cyber intelligence among cybersecurity companies and federal organizations is likely to increase. This collaborative effort can only help to enhance preventative measures.

9. Cybersecurity-as a Service

More businesses will opt for managed security services to handle the complexities of cybersecurity without expanding in-house teams. Robust cybersecurity requires engagement with specialists and cybersecurity-as-a-service is the most cost-effective way for organizations to protect themselves.

10. Cyber Resilience

In addition to implementing more effective preventative solutions, a higher percentage of organizations will emphasize resilience and the ability to handle cyber incidents more effectively and possibly recover from cyberattacks more quickly. This level of resiliency will require better preventative measures, detailed and practiced incident response plans and written business continuity measures.

As we prepare to welcome 2025, one thing is clear — cybersecurity is no longer a choice but a necessity. For every DSO, safeguarding sensitive patient data and ensuring operational continuity must be at the top of the priority list. Start by asking yourself and your team these questions: Are we evolving as quickly as the threats we face? Are we leveraging the best tools and expertise available to us? And most importantly, have we done everything we can to maintain the trust of the patients who rely on us?

Don’t wait until you’re forced to react. Instead, lead the charge into the new year with confidence, adaptability, and an unshakeable resolve to outpace the dangers of the digital age. A dedication to a more secure 2025 should be a New Year’s Resolution for your organization!

---

🚨Recent notable healthcare cyber incidents:

Jefferson Dental Center, Inc (Jefferson Dental Center) has been the victim of a security incident. On November 15th, 2024, Jefferson Dental Center discovered that their computer network systems were not working. Upon inspection we determined that we were a victim of a ransomware attack and immediately took steps to stop and mitigate the attack.

Based on an ongoing investigation about this incident, ther network appeared to be accessed on or around November 14th,2024 by an unauthorized user that gained access to their network undetected. Sensitive information may have been inappropriately accessed and/or obtained before ransomware encryption occurred to their network on November 15, 2024. They have determined that the network shares accessed in this incident included information that may include personal identifying information, including health information of patients of Jefferson Dental Center. They have notified the Indiana Attorney General’s office and federal law enforcement.  A breach notification was filed with the Secretary of HHS and Office of Civil Rights.

---

Great Expressions Dental Centers (GEDC) has agreed to settle a class action lawsuit for $2.7 million stemming from a 2023 data breach involving the personal and protected health information of 1,925,397 individuals. Great Expressions Dental Centers, a Bloomfield Hills, MI-based chain of 246 dental practices in 9 U.S. states, experienced a cyberattack in February 2023 that disrupted its IT systems.

The hackers had access to its systems for 6 days between February 17 and February 22, 2024, during which time files containing patient data were exfiltrated from its systems. Those files contained information such as names, birth dates, contact information, Social Security numbers, driver’s license numbers, financial account information, credit/debit card numbers, billing records, health insurance information, prescription information, diagnoses, treatment information, x-ray images, and medical and dental histories. Individual notification letters were mailed to the affected individuals in early May 2023.

Several lawsuits were filed in response to the data breach that were consolidated into a single action in the U.S. District Court for the Eastern District of Michigan – In re Great Expressions Data Security Incident Litigation. The plaintiffs alleged Great Expressions Dental Centers failed to implement reasonable and appropriate cybersecurity measures to protect the sensitive data stored on its network. The lack of safeguards meant hackers were able to access its internal network and steal patient data.

Great Expressions Dental Centers denies any wrongdoing but has agreed to settle the lawsuit to bring the litigation to an end and avoid the uncertainty of trial. Under the terms of the settlement, a fund of $2.7 million will be created to cover claims from the plaintiffs and class members, attorneys’ fees, and legal costs. Individuals who received a notification letter from Great Expressions Dental Centers are entitled to benefits.

---

Dental Cyber Watch is sponsored by Black Talon Security, the recognized cybersecurity leader in the dental/DSO industry and a proud partner of Group Dentistry Now. With deep roots within the dental and dental specialty segments, Black Talon understands the unique needs that DSOs and dental groups have when it comes to securing patient and other sensitive data from hackers. Black Talon’s mission is to protect all businesses from the devastating effects caused by cyberattacks—and that begins with a robust cyber risk mitigation strategy. To evaluate your group’s current security posture visit www.blacktalonsecurity.com.