Obsidian Ridge

Dental cybersecurity

HIPAA-aligned cybersecurity for the practice, not the brochure.

Managed cybersecurity built for the way a dental practice actually runs — Dentrix or Eaglesoft on a local server, Curve or Denticon in the cloud, Microsoft 365 or Google Workspace for the office, and one office manager wearing three hats. Huntress Managed EDR, ITDR, and Security Awareness Training operated end-to-end by Obsidian Ridge, with the HIPAA evidence package your insurer and OCR actually want to see.

Aligned with
HIPAA Security Rule · HIPAA Breach Notification · NIST CSF 2.0 · SOC 2
CISSP-led practice · Huntress Managed EDR partner

TL;DR

What dental practices get, and what it costs

We operate Huntress Managed EDR, ITDR, and Security Awareness Training for your practice end-to-end. The 24/7 Huntress SOC watches every endpoint and your Microsoft 365 or Google Workspace tenant for the attack patterns documented across the dental vertical — PMS ransomware, business-email compromise targeting the office manager, and identity-layer attacks that bypass MFA.

Obsidian Ridge adds the practitioner side: HIPAA-aligned configuration, audit-control evidence, cyber-insurance readiness, incident-response coordination, and the quarterly executive briefing for the doctor and the practice manager.

Pricing starts at $15 per agent per month for the Foundation tier (endpoint only). Most practices land at Protected, $32 per user per month, which adds identity threat detection and the awareness program — the controls that actually move cyber insurance premiums and stop the BEC pattern that dental practices keep losing money to. Complete (from $55 per user per month) adds Managed SIEM and the full compliance evidence program.

What's included

Everything we operate for a dental practice

Huntress Managed EDR on every endpoint

Workstations, the PMS server, the imaging workstation, doctor laptops. 24/7 SOC watching for ransomware canaries, credential theft, and lateral-movement patterns documented in dental-vertical attacks.

Huntress Managed ITDR on Microsoft 365 / Google Workspace

Catches the adversary-in-the-middle phishing kits (EvilProxy, Tycoon) that bypass MFA, the inbox rules that route insurance and wire emails away from the office manager, and the OAuth-consent attacks dentists rarely see coming.

Managed Security Awareness Training

Phishing simulations and 5-minute micro-lessons tuned for dental staff: payment-redirect themes for the office manager, ePHI-handling lessons for the front desk, vendor-impersonation drills for the bookkeeper.

HIPAA evidence package

Audit-control logs, MFA coverage report, encryption-in-transit confirmation, training completion, and a written incident-response plan packaged for OCR review or insurance underwriting.

PMS hardening assist

Account hygiene for Dentrix, Eaglesoft, Open Dental, Curve, and Denticon. Removal of shared front-desk accounts, audit-log activation, backup verification, and the imaging-vendor EDR-exclusion conversation handled correctly.

Incident response coordination

If something happens, you are not alone with a vendor portal. We coordinate forensics, breach notification timing, cyber-insurance claim, OCR reporting, and the patient-facing communication.

The threat model

What actually goes wrong in dental practices in 2026

Dental is one of the most-targeted small-business verticals in the United States. Three patterns account for the majority of the losses we see.

1. Practice management system ransomware

The attacker phishes the office manager, lands a loader, moves laterally to the PMS server, exfiltrates the patient database, and encrypts everything on a Friday evening. Monday morning the practice cannot bill, treat, or look up a patient. Average recovery time without preparation: 5 to 21 days. Average ransom demand on a single dental practice: $50,000 to $250,000. Full walkthrough of the attack chain.

2. Business email compromise + wire fraud

The attacker phishes the office manager's Microsoft 365 credentials through an adversary-in-the-middle kit, captures the session token (MFA is already satisfied), sets an inbox rule that hides invoice and wire emails, and reroutes a lab payment to a foreign bank account. Average loss: $40,000 to $80,000 per incident. The pattern in detail.
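The inbox-rule step in this pattern (and the ITDR coverage described above under "Huntress Managed ITDR") is one a practice can check for itself between SOC alerts. The following is an added example, not Obsidian Ridge or Huntress code: a small audit over an export of a mailbox's inbox rules that flags the hiding pattern (payment-related mail routed to an obscure folder, marked read or deleted; forwarding to an external domain; rules with a blank or punctuation-only name). The JSON field names, the practice domain `example-dental.test` and the four sample rules are constructed for the example; a real export from Exchange Online's Get-InboxRule or the Gmail settings API would need to be mapped onto those fields first.

```python
"""Audit exported inbox rules for the BEC 'hide the invoice traffic' pattern.

Added example (not the provider's own tooling). The input shape below is an
assumption: a list of rule objects with the constructed keys
  id, name, subject_or_body_contains, from_contains,
  move_to_folder, mark_as_read, delete, forward_to
Map a real Exchange Online or Gmail export onto these keys before use.
"""
import json
import re

# Terms attackers key their rules on to intercept lab, insurance and wire traffic.
PAYMENT_TERMS = re.compile(r"\b(invoice|wire|payment|ach|remit|bank|routing)\b", re.IGNORECASE)

# Folders that legitimate rules rarely target but hiding rules routinely do.
HIDING_FOLDERS = {
    "rss subscriptions", "rss feeds", "conversation history",
    "junk email", "deleted items", "archive",
}

INTERNAL_DOMAIN = "example-dental.test"  # constructed practice domain


def score_rule(rule):
    """Return a list of human-readable findings for one rule (empty = benign)."""
    findings = []
    name = rule.get("name", "").strip()
    conditions = " ".join(
        rule.get("subject_or_body_contains", []) + rule.get("from_contains", [])
    )
    payment_related = bool(PAYMENT_TERMS.search(conditions))

    if payment_related:
        if rule.get("delete"):
            findings.append("deletes payment-related mail")
        folder = (rule.get("move_to_folder") or "").strip().lower()
        if folder in HIDING_FOLDERS:
            findings.append(f"moves payment-related mail to '{rule['move_to_folder']}'")
        if rule.get("mark_as_read"):
            findings.append("marks payment-related mail as read")

    # Auto-forwarding outside the tenant is a finding regardless of the conditions.
    for addr in rule.get("forward_to", []):
        domain = addr.rsplit("@", 1)[-1].lower()
        if domain != INTERNAL_DOMAIN:
            findings.append(f"forwards to external address {addr}")

    # Attackers often name rules "." or "," so they are easy to overlook in the UI.
    if not name or all(ch in ".,;-_" for ch in name):
        findings.append("rule name is blank or punctuation-only")
    return findings


def audit_rules(rules):
    """Map each suspicious rule's id (or name) to its findings; benign rules are omitted."""
    report = {}
    for rule in rules:
        findings = score_rule(rule)
        if findings:
            report[rule.get("id", rule.get("name", "?"))] = findings
    return report


# Constructed sample export: one legitimate filing rule, one hiding rule,
# one external forward, one unrelated cleanup rule.
SAMPLE_EXPORT = json.dumps([
    {"id": "r1", "name": "Lab invoices",
     "subject_or_body_contains": ["invoice"], "move_to_folder": "Invoices"},
    {"id": "r2", "name": ".",
     "subject_or_body_contains": ["invoice", "wire", "payment"],
     "move_to_folder": "RSS Subscriptions", "mark_as_read": True},
    {"id": "r3", "name": "Backup copy",
     "from_contains": ["@dentallab.example"], "forward_to": ["ops.relay@mail.example"]},
    {"id": "r4", "name": "Delete newsletters",
     "from_contains": ["newsletter"], "delete": True},
])


def run_sample():
    """Audit the constructed sample export; used by the demo below."""
    return audit_rules(json.loads(SAMPLE_EXPORT))


if __name__ == "__main__":
    for rule_id, findings in run_sample().items():
        print(rule_id)
        for finding in findings:
            print("  -", finding)
```

Run it against the sample and only r2 (the hiding rule) and r3 (the external forward) are reported; the legitimate "Lab invoices" filing rule passes because it moves mail to a folder the office manager actually reads. The point of the folder list and the blank-name check is that a rule which files invoices into "Invoices" is normal, while one that files them into "RSS Subscriptions" and marks them read almost never is.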

3. HIPAA breach via unhardened defaults

Shared front-desk accounts, no audit-log review, an open SQL Server `sa` password from a 2018 install, a USB backup drive that ransomware encrypted along with everything else. OCR enforcement keeps finding the same gaps: no current risk analysis, no workforce training records, BAAs missing for cloud vendors. What the Security Rule actually requires.

Dental field notes

The six pieces every dental owner should read

Practitioner-written long reads. No marketing copy, no acronym soup. Each one written for a dental practice owner, not a CISO.

Honest fit check

Who this program is for

  • Single-location practices that handle ePHI and rely on Dentrix, Eaglesoft, or Open Dental
  • Multi-location dental groups consolidating after recent acquisitions
  • DSOs supporting affiliated practices that need a defensible HIPAA program
  • Practices renewing cyber insurance and getting the new questionnaire
  • Practice owners who use a local IT firm but want senior security expertise on call
  • Owners who have heard about a dental ransomware incident in their area and want to act before it happens to them

And who it is not for

  • Practices that do not use any cloud productivity suite, digital imaging, or electronic billing
  • Practices that already operate an in-house 24/7 SOC with senior identity-security expertise
  • Practices looking for a one-time HIPAA audit deliverable with no ongoing service

How we start

From first call to operating program

01. Discovery call (30 minutes)

Tell us how the practice runs. PMS, locations, headcount, current IT firm, cyber-insurance renewal date, recent incidents, and what is driving the conversation. We tell you which tier fits and where the real risks are.

02. Scoped proposal (within 3 business days)

Endpoint and user counts, tier recommendation, the implementation schedule, and the HIPAA evidence deliverables. Fixed monthly pricing. Month-to-month or annual. No vendor markup games.

03. Deployment (5–10 business days)

Huntress Managed EDR agent on every endpoint and the PMS server. Huntress Managed ITDR connected to your Microsoft 365 or Google Workspace tenant. Awareness program launched with a phishing simulation calibrated to the practice. Business Associate Agreement signed before any access.

04. 24/7 operation + 90-day check-in

The Huntress SOC is watching from day one. Obsidian Ridge handles escalations, quarterly executive briefings, the HIPAA evidence package, the cyber-insurance renewal support, and the tabletop exercise the practice owner should be running annually.

Questions dental owners ask

Frequently asked questions

Are you a HIPAA-compliant managed cybersecurity firm?

We deliver the technical safeguards required by the HIPAA Security Rule — audit controls, encryption, identity threat detection, integrity monitoring — and we sign a Business Associate Agreement before any engagement. Vendors are not 'HIPAA certified' in any formal sense; the meaningful question is whether they can produce the technical evidence and sign the BAA. We can do both. We are not, and we do not claim to be, your HIPAA Privacy Officer.

Do you replace our IT company?

No, and we are explicit about that. We are a managed cybersecurity firm, not an MSP. Your IT firm continues to handle help-desk, Wi-Fi, hardware procurement, and PMS upgrades. We handle 24/7 monitoring, identity threat detection, security awareness training, and incident response. The two functions belong with different specialists; most general MSPs are not staffed or licensed to operate a 24/7 SOC.

What does this cost for a 4-chair single-location practice?

Foundation starts at $15 per agent per month — that covers the practice management server, every workstation, and doctor laptops with 24/7 monitoring. Protected at $32 per user per month adds Huntress Managed ITDR on the cloud productivity suite and the awareness-training program — that is the tier most practices land on once they understand how identity-layer attacks work. Complete at $55 per user per month adds SIEM and the formal compliance evidence program for practices with an upcoming insurance renewal or audit.

We use Dentrix on a local server. Can you protect it?

Yes. Huntress Managed EDR runs on Windows Server. We deploy the agent on the Dentrix server, the imaging workstation, every operatory workstation, and the front desk. The PMS server is usually the highest-value endpoint in the practice and the one most MSPs overlook on EDR coverage — we treat it as the priority.

What if we use Curve or Denticon — a cloud PMS?

Cloud PMS shifts the server burden to the vendor and the threat model toward account compromise. That is exactly where Huntress Managed ITDR matters most: monitoring sign-in anomalies, mailbox rules, OAuth consent, and token-replay attacks on your Microsoft 365 or Google Workspace tenant. The endpoint side is still important — laptops accessing the cloud PMS still get phished — so the Protected tier is usually the right starting point for cloud-PMS practices.

How long does deployment take?

Endpoint agent rollout typically completes within 5 business days of contract signing. Identity threat detection on Microsoft 365 or Google Workspace activates within 24–48 hours of tenant connection. The awareness-training program launches within the first two weeks. The HIPAA evidence package builds continuously and is review-ready after 90 days of operating data.

Do you help with the cyber insurance application?

Yes. Our Cyber Insurance Readiness sprint maps the carrier questionnaire to the actual controls you have or need, packages the evidence the underwriter wants to see, and tells you honestly which gaps are worth closing before renewal. Most dental practices we work with move from 'declined or surcharged' to 'standard rating' inside one renewal cycle.

What happens if we have a breach during your service?

You get an incident-response practitioner on the phone, not a ticket-queue auto-responder. We coordinate forensics, walk you through the HIPAA Breach Notification Rule timing (60 days for incidents affecting fewer than 500 patients, immediate plus media for 500 or more), help file the cyber-insurance claim, and produce the patient-notification language. The practice owner remains the decision-maker for legal and patient-facing communication; we operate every technical and process step required by the breach response.

Two ways to start

Free triage call, or the full dental briefing.

The 20-minute triage is the fastest way to find out whether this program fits your practice. The 30-minute dental briefing goes deeper — PMS, locations, insurance renewal, the threat model, and what your first 90 days would look like. Both are free, both are no-obligation, and we tell you when you don't need us.