Thursday, August 30, 2018

HHS Helps Practitioners Battle Ransomware

With all of the bad news and terrifying stories about data breaches lately, it might seem a whole lot easier just to stick your head in the sand and ignore the whole thing… right?  Unfortunately… wrong.  Failure to comply can create a data breach which can lead to fines, bad PR, and a plethora of other problems for the practice.  To help practices be in compliance, here is some really great info from the U.S. Department of Health and Human Services.  I’m placing this here in the hopes that it can help others in healthcare.
- John

FACT SHEET: Ransomware and HIPAA

A recent U.S. Government interagency report indicates that, on average, there have been 4,000 daily ransomware attacks since early 2016 (a 300% increase over the 1,000 daily ransomware attacks reported in 2015).1 Ransomware exploits human and technical weaknesses to gain access to an organization’s technical infrastructure in order to deny the organization access to its own data by encrypting that data. However, there are measures known to be effective to prevent the introduction of ransomware and to recover from a ransomware attack. This document describes ransomware attack prevention and recovery from a healthcare sector perspective, including the role the Health Insurance Portability and Accountability Act (HIPAA) has in assisting HIPAA covered entities and business associates to prevent and recover from ransomware attacks, and how HIPAA breach notification processes should be managed in response to a ransomware attack.

1. What is ransomware?

Ransomware is a type of malware (malicious software) distinct from other malware; its defining characteristic is that it attempts to deny access to a user’s data, usually by encrypting the data with a key known only to the hacker who deployed the malware, until a ransom is paid. After the user’s data is encrypted, the ransomware directs the user to pay the ransom to the hacker (usually in a cryptocurrency, such as Bitcoin) in order to receive a decryption key. However, hackers may deploy ransomware that also destroys or exfiltrates2 data, or ransomware in conjunction with other malware that does so.

2. Can HIPAA compliance help covered entities and business associates prevent infections of malware, including ransomware?

Yes. The HIPAA Security Rule requires implementation of security measures that can help prevent the introduction of malware, including ransomware. Some of these required security measures include:

  • implementing a security management process, which includes conducting a risk analysis to identify threats and vulnerabilities to electronic protected health information (ePHI) and implementing security measures to mitigate or remediate those identified risks; 
  • implementing procedures to guard against and detect malicious software;
  • training users on malicious software protection so they can assist in detecting malicious software and know how to report such detections; and 
  • implementing access controls to limit access to ePHI to only those persons or software programs requiring access.

The Security Management Process standard of the Security Rule includes requirements for all covered entities and business associates to conduct an accurate and thorough risk analysis of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of all of the ePHI the entities create, receive, maintain, or transmit and to implement security measures sufficient to reduce those identified risks and vulnerabilities to a reasonable and appropriate level. It is expected that covered entities and business associates will use this process of risk analysis and risk management not only to satisfy the specific standards and implementation specifications of the Security Rule, but also when implementing security measures to reduce the particular risks and vulnerabilities to ePHI throughout an organization’s entire enterprise, identified as a result of an accurate and thorough risk analysis, to a reasonable and appropriate level. For example, although there is a not a Security Rule standard or implementation specification that specifically and expressly requires entities to update the firmware3 of network devices, entities, as part of their risk analysis and risk management process, should, as appropriate, identify and address the risks to ePHI of using networks devices running on obsolete firmware, especially when firmware updates are available to remediate known security vulnerabilities.

In general, moreover, the Security Rule simply establishes a floor, or minimum requirements, for the security of ePHI; entities are permitted (and encouraged) to implement additional and/or more stringent security measures above what they determine to be required by Security Rule standards.

3. Can HIPAA compliance help covered entities and business associates recover from infections of malware, including ransomware?

Yes. The HIPAA Security Rule requires covered entities and business associates to implement policies and procedures that can assist an entity in responding to and recovering from a ransomware attack.

Because ransomware denies access to data, maintaining frequent backups and ensuring the ability to recover data from backups is crucial to recovering from a ransomware attack. Test restorations should be periodically conducted to verify the integrity of backed up data and provide confidence in an organization’s data restoration capabilities. Because some ransomware variants have been known to remove or otherwise disrupt online backups, entities should consider maintaining backups offline and unavailable from their networks.

Implementing a data backup plan is a Security Rule requirement for HIPAA covered entities and business associates as part of maintaining an overall contingency plan. Additional activities that must be included as part of an entity’s contingency plan include: disaster recovery planning, emergency operations planning, analyzing the criticality of applications and data to ensure all necessary applications and data are accounted for, and periodic testing of contingency plans to ensure organizational readiness to execute such plans and provide confidence they will be effective. See 45 C.F.R. 164.308(a)(7).

During the course of responding to a ransomware attack, an entity may find it necessary to activate its contingency or business continuity plans. Once activated, an entity will be able to continue its business operations while continuing to respond to and recover from a ransomware attack. Maintaining confidence in contingency plans and data recovery is critical for effective incident response, whether the incident is a ransomware attack or fire or natural disaster.

Security incident procedures, including procedures for responding to and reporting security incidents, are also required by HIPAA. See 45 C.F.R. 164.308(a)(6). An entity’s security incident procedures should prepare it to respond to various types of security incidents, including ransomware attacks. Robust security incident procedures for responding to a ransomware attack should include processes to4:

  • detect and conduct an initial analysis of the ransomware; 
  • contain the impact and propagation of the ransomware; 
  • eradicate the instances of ransomware and mitigate or remediate vulnerabilities that permitted
  • the ransomware attack and propagation; 
  • recover from the ransomware attack by restoring data lost during the attack and returning to
  • “business as usual” operations; and 
  • conduct post-incident activities, which could include a deeper analysis of the evidence to
  • determine if the entity has any regulatory, contractual or other obligations as a result of the incident (such as providing notification of a breach of protected health information), and incorporating any lessons learned into the overall security management process of the entity to improve incident response effectiveness for future security incidents. 

4. How can covered entities or business associates detect if their computer systems are infected with ransomware?

Unless ransomware is detected and propagation halted by an entity’s malicious software protection or other security measures, an entity would typically be alerted to the presence of ransomware only after the ransomware has encrypted the user’s data and alerted the user to its presence to demand payment. However, in some cases, an entity’s workforce may notice early indications of a ransomware attack that has evaded the entity’s security measures. HIPAA’s requirement that an entity’s workforce receive appropriate security training, including training for detecting and reporting instances of malicious software, can thus assist entities in preparing their staff to detect and respond to ransomware. Indicators of a ransomware attack could include:

  • a user’s realization that a link that was clicked on, a file attachment opened, or a website visited may have been malicious in nature; 
  • an increase in activity in the central processing unit (CPU) of a computer and disk activity for no apparent reason (due to the ransomware searching for, encrypting and removing data files); 
  • an inability to access certain files as the ransomware encrypts, deletes and re-names and/or re- locates data; and 
  • detection of suspicious network communications between the ransomware and the attackers’ command and control server(s) (this would most likely be detected by IT personnel via an intrusion detection or similar solution).

If an entity believes that a ransomware attack is underway, either because of indicators similar to those above or other methods of detection, the entity should immediately activate its security incident response plan, which should include measures to isolate the infected computer systems in order to halt propagation of the attack.

Additionally, it is recommended that an entity infected with ransomware contact its local FBI or United States Secret Service field office. These agencies work with Federal, state, local and international partners to pursue cyber criminals globally and assist victims of cybercrime.

5. What should covered entities or business associates do if their computer systems are infected with ransomware?

The presence of ransomware (or any malware) on a covered entity’s or business associate’s computer systems is a security incident under the HIPAA Security Rule. A security incident is defined as the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system. See the definition of security incident at 45 C.F.R. 164.304. Once the ransomware is detected, the covered entity or business associate must initiate its security incident and response and reporting procedures. See 45 C.F.R. 164.308(a)(6).

HIPAA covered entities and business associates are required to develop and implement security incident procedures and response and reporting processes that they believe are reasonable and appropriate to respond to malware and other security incidents, including ransomware attacks. Entities seeking guidance regarding the implementation of security incident procedures may wish to review NIST SP 800- 61 Rev. 2, Computer Security Incident Handling Guide5 for additional information.

An entity’s security incident response activities should begin with an initial analysis to: 

  • determine the scope of the incident to identify what networks, systems, or applications are affected; 
  • determine the origination of the incident (who/what/where/when); 
  • determine whether the incident is finished, is ongoing or has propagated additional incidents
  • throughout the environment; and 
  • determine how the incident occurred (e.g., tools and attack methods used, vulnerabilities
  • exploited).

These initial steps should assist the entity in prioritizing subsequent incident response activities and serve as a foundation for conducting a deeper analysis of the incident and its impact. Subsequent security incident response activities should include steps to:

  • contain the impact and propagation of the ransomware; 
  • eradicate the instances of ransomware and mitigate or remediate vulnerabilities that permitted
  • the ransomware attack and propagation; 
  • recover from the ransomware attack by restoring data lost during the attack and returning to
  • “business as usual” operations; and 
  • conduct post-incident activities, which could include a deeper analysis of the evidence to
  • determine if the entity has any regulatory, contractual or other obligations as a result of the incident (such as providing notification of a breach of protected health information), and incorporating any lessons learned into the overall security management process of the entity to improve incident response effectiveness for future security incidents.

Part of a deeper analysis should involve assessing whether or not there was a breach of PHI as a result of the security incident. The presence of ransomware (or any malware) is a security incident under HIPAA that may also result in an impermissible disclosure of PHI in violation of the Privacy Rule and a breach, depending on the facts and circumstances of the attack. See the definition of disclosure at 45 C.F.R. 160.103 and the definition of breach at 45 C.F.R. 164.402.

6. Is it a HIPAA breach if ransomware infects a covered entity’s or business associate’s computer system?

Whether or not the presence of ransomware would be a breach under the HIPAA Rules is a fact-specific determination. A breach under the HIPAA Rules is defined as, “...the acquisition, access, use, or disclosure of PHI in a manner not permitted under the [HIPAA Privacy Rule] which compromises the security or privacy of the PHI.” See 45 C.F.R. 164.402.6

When electronic protected health information (ePHI) is encrypted as the result of a ransomware attack, a breach has occurred because the ePHI encrypted by the ransomware was acquired (i.e., unauthorized individuals have taken possession or control of the information), and thus is a “disclosure” not permitted under the HIPAA Privacy Rule.

Unless the covered entity or business associate can demonstrate that there is a “...low probability that the PHI has been compromised,” based on the factors set forth in the Breach Notification Rule, a breach of PHI is presumed to have occurred. The entity must then comply with the applicable breach notification provisions, including notification to affected individuals without unreasonable delay, to the Secretary of HHS, and to the media (for breaches affecting over 500 individuals) in accordance with HIPAA breach notification requirements. See 45 C.F.R. 164.400-414.

7. How can covered entities or business associates demonstrate “...that there is a low probability that the PHI has been compromised” such that breach notification would not be required?

To demonstrate that there is a low probability that the protected health information (PHI) has been compromised because of a breach, a risk assessment considering at least the following four factors (see 45 C.F.R. 164.402(2)) must be conducted:

1. the nature and extent of the PHI involved, including the types of identifiers and the likelihood of re-identification;

2. the unauthorized person who used the PHI or to whom the disclosure was made;

3. whether the PHI was actually acquired or viewed; and

4. the extent to which the risk to the PHI has been mitigated.

A thorough and accurate evaluation of the evidence acquired and analyzed as a result of security incident response activities could help entities with the risk assessment process above by revealing, for example: the exact type and variant of malware discovered; the algorithmic steps undertaken by the malware; communications, including exfiltration attempts between the malware and attackers’ command and control servers; and whether or not the malware propagated to other systems, potentially affecting additional sources of electronic PHI (ePHI). Correctly identifying the malware involved can assist an entity to determine what algorithmic steps the malware is programmed to perform. Understanding what a particular strain of malware is programmed to do can help determine how or if a particular malware variant may laterally propagate throughout an entity’s enterprise, what types of data the malware is searching for, whether or not the malware may attempt to exfiltrate data, or whether or not the malware deposits hidden malicious software or exploits vulnerabilities to provide future unauthorized access, among other factors.

Although entities are required to consider the four factors listed above in conducting their risk assessments to determine whether there is a low probability of compromise of the ePHI, entities are encouraged to consider additional factors, as needed, to appropriately evaluate the risk that the PHI has been compromised. If, for example, there is high risk of unavailability of the data, or high risk to the
integrity of the data, such additional factors may indicate compromise. In those cases, entities must provide notification to individuals without unreasonable delay, particularly given that any delay may impact healthcare service and patient safety.

Additionally, with respect to considering the extent to which the risk to PHI has been mitigated (the fourth factor) where ransomware has accessed PHI, the entity may wish to consider the impact of the ransomware on the integrity of the PHI. Frequently, ransomware, after encrypting the data it was seeking, deletes the original data and leaves only the data in encrypted form. An entity may be able to show mitigation of the impact of a ransomware attack affecting the integrity of PHI through the implementation of robust contingency plans including disaster recovery and data backup plans. Conducting frequent backups and ensuring the ability to recover data from backups is crucial to recovering from a ransomware attack and ensuring the integrity of PHI affected by ransomware. Test restorations should be periodically conducted to verify the integrity of backed up data and provide confidence in an organization’s data restoration capabilities. Integrity to PHI data is only one aspect when considering to what extent the risk to PHI has been mitigated. Additional aspects, including whether or not PHI has been exfiltrated, should also be considered when determining the extent to which the risk to PHI has been mitigated.

The risk assessment to determine whether there is a low probability of compromise of the PHI must be thorough, completed in good faith and reach conclusions that are reasonable given the circumstances. Furthermore, in accordance with 45 C.F.R. 164.530(j)(iv)), covered entities and business associates must maintain supporting documentation sufficient to meet their burden of proof (see 45 C.F.R. 164.414) regarding the breach assessment – and if applicable, notification - process including:

  • documentation of the risk assessment demonstrating the conclusions reached; 
  • documentation of any exceptions determined to be applicable to the impermissible use or disclosure (see 45 C.F.R. 164.402(1)) of the PHI; and 
  • documentation demonstrating that all notifications were made, if a determination was made that the impermissible use or disclosure was a reportable breach. 

8. Is it a reportable breach if the ePHI encrypted by the ransomware was already encrypted to comply with HIPAA?

This is a fact specific determination. The HIPAA breach notification provisions apply to “unsecured PHI” (see 45 C.F.R. 164.402), which is protected health information (PHI) that is not secured through the use of a technology or methodology specified by the Secretary in guidance. If the electronic PHI (ePHI) is encrypted by the entity in a manner consistent with the Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals7 such that it is no longer “unsecured PHI,” then the entity is not required to conduct a risk assessment to determine if there is a low probability of compromise, and breach notification is not required.

However, even if the PHI is encrypted in accordance with the HHS guidance, additional analysis may still be required to ensure that the encryption solution, as implemented, has rendered the affected PHI unreadable, unusable and indecipherable to unauthorized persons. A full disk encryption solution may render the data on a computer system’s hard drive unreadable, unusable and indecipherable to unauthorized persons while the computer system (such as a laptop) is powered down. Once the computer system is powered on and the operating system is loaded, however, many full disk encryption solutions will transparently decrypt and encrypt files accessed by the user.

For example, if a laptop encrypted with a full disk encryption solution in a manner consistent with HHS guidance8 is properly shut down and powered off and then lost or stolen, the data on the laptop would be unreadable, unusable and indecipherable to anyone other than the authenticated user. Because the PHI on the laptop is not “unsecured PHI”, a covered entity or business associate need not perform a risk assessment to determine a low probability of compromise or provide breach notification.

However, in contrast to the above example, if the laptop is powered on and in use by an authenticated user, who then performs an action (clicks on a link to a malicious website, opens an attachment from a phishing email, etc.) that infects the laptop with ransomware, there could be a breach of PHI. If full disk encryption is the only encryption solution in use to protect the PHI and if the ransomware accesses the file containing the PHI, the file containing the PHI will be transparently decrypted by the full disk encryption solution and access permitted with the same access levels granted to the user.

Because the file containing the PHI was decrypted and thus “unsecured PHI” at the point in time that the ransomware accessed the file, an impermissible disclosure of PHI was made and a breach is presumed. Under the HIPAA Breach Notification Rule, notification in accordance with 45 CFR 164.404 is required unless the entity can demonstrate a low probability of compromise of the PHI based on the four factor risk assessment (see 45 C.F.R. 164.402(2)).




1 United States Government Interagency Guidance Document, How to Protect Your Networks from Ransomware available at
2 Exfiltration is “[t]he unauthorized transfer of information from an information system.” NIST SP 800-53 Rev. 4, Security and Privacy Controls for Federal Information Systems and Organizations. (April 2013).


Available at

3 Firmware refers to “[c]omputer programs and data stored in hardware... such that the programs and data cannot be dynamically written or modified during execution of the programs.” NIST SP 800-53 Rev. 4, Security and Privacy Controls for Federal Information Systems and Organizations. (April 2013).
Available at 

4 Adapted from NIST SP 800-61Rev. 2, Computer Security Incident Handling Guide. 

5 Available at 

 See also Section 13402 of the Health Information Technology for Economic and Clinical Health (HITECH) Act.

 Available at 

Wednesday, August 29, 2018

Kerr SonicFill 3 is Now on the Market!

Sonic Fill 3.jpg

KaVo Kerr is excited to announce the launch of new SonicFill™ 3 SingleFill™ Composite System. SonicFill™ 2 enabled thousands of dentists to simplify and speed up the time-consuming, multi-stage process of crafting quality posterior restorations. SonicFill 3 takes that performance to the next level. Dentists will appreciate the improved adaptation and handling, and easier extrusion during placement.

The new, advanced SonicFill 3 fills cavities in seconds, is non-sticky and slump-free. In addition, cavities up to 5mm in depth can be filled in a single increment, without a need for a liner or capping layer. SonicFill 3 contains a nano-scale zirconsil (zirconium oxide + silica oxide) filler system, which provides effective blending, wear resistance, strength and reliability to ensure lasting restorations.

The new SonicFill3 SingleFill Composite System is the only sonic-activated bulk fill composite that acts both as a flowable composite during placement, and as a sculptable material after the sonic energy is removed increasing the speed and efficiency of restorative procedures.

“Simply put, SonicFill will allow you to become extremely efficient, increase your speed, and deliver improved adaptation and  lasting marginal integrity for predictable outcomes,” writes Dr. Philip Chahine, DMD, FAGD. “It’s a win-win for everyone involved.”

“The implementation of SonicFill bulk fill composite in my day-to-day patient care has met the need for placing posterior composite restorations that are completed in a quarter of the time of conventional layered composites”, added Dr. Scott Coleman, DDS, MAGD.

“SonicFill has changed the game forever in restorative dentistry. SonicFill 3 is another major step forward in our commitment in delivering quality products our customers have come to expect from KaVo Kerr,”  said Phil Prentice, VP of Marketing, KaVo Kerr Corporation.

For more information on SonicFill 3 or to schedule a free trial, call 800‐KERR123, or visit

Tuesday, August 28, 2018

New app is the one-stop shop for all things Dentsply Sirona World 2018

DentsplySirona logo.png
Dentsply Sirona World is approaching.  As it does, I’ll be sure to have as many updates as possible just to keep you all informed.  Here’s the latest.  Hats off to the organizers for putting together an app for the entire meeting!

Dentsply Sirona, the Dental Solutions CompanyTM, today announced the launch of the Dentsply Sirona World 2018 app for mobile devices.

Registered DSW18 attendees are encouraged to download and begin using the app immediately to get a jumpstart on planning their schedules, register for courses, learn more about speakers and sessions, and be among the first to get all the latest event details.

“Not only does this app provide vital information, but it further builds the close-knit Dentsply Sirona World community,” said Digital Media Manager Megan Lynch. “Through the app, users can register for courses, post event-related selfies, read comments, get updates from friends and colleagues – and do all of this in real time! This app is truly a great way to experience ALL of Dentsply Sirona World 2018.”

Some of the features of the DSW18 app include:

  • Review the full event schedule, including all Breakout and General Sessions, including dates and times. 
  • Register for preferred sessions and build your daily agenda. 
  • No need to worry about getting lost – access hotel and conference maps to learn your way around the Rosen Shingle Creek Resort before your arrival! 
  • Bookmark any of the remarkable speakers and exhibitors you don’t want to miss - all on your mobile device! 
  • Make sure you don’t miss any of the once-in-a-lifetime entertainment events, including private performances by Grammy-nominated singer Katy Perry and Grammy- nominated comedian Jim Gaffigan. 


Dentsply Sirona is the world’s largest manufacturer of professional dental products and technologies, with a 130-year history of innovation and service to the dental industry and patients worldwide. Dentsply Sirona develops, manufactures, and markets a comprehensive solutions offering including dental and oral health products as well as other consumable medical devices under a strong portfolio of world class brands. As

The Dental Solutions Company TM, Dentsply Sirona’s products provide innovative, high-quality and effective solutions to advance patient care and deliver better, safer and faster dentistry. Dentsply Sirona’s global headquarters is located in York, Pennsylvania, and the international headquarters is based in Salzburg, Austria. The company’s shares are listed in the United States on NASDAQ under the symbol XRAY. Visit for more information about Dentsply Sirona and its products.

• Show Dentsply Sirona and your fellow attendees just how much fun you’re having by posting pictures and interacting with each other on the app’s Activity Feed.

Registered DSW18 attendees receive an email with instructions on how to download the app onto their preferred IOS or Android device, as well as information on how to use the mobile web version of the app.

If you have any difficulty downloading the app, please call the Dentsply Sirona World information desk at 1.844.462.7476.

Registration for Dentsply Sirona World 2018 is still open; to learn more, visit, contact the Dentsply Sirona World hotline at 1.844.462.7476 or email

Monday, August 27, 2018

T-Mobile Announces Data Breach 08-20-2018 That Affected 2 Million Users

T-Mobile Logo.jpg
In the world we live in, data moves fast.  Unfortunately, that also applies to data involved in data breaches.  The bad guys with highspeed ‘net connections can just perform mayhem and thievery faster.  It’s sad, but it’s true.  The double edged sword that allows us to get so much done in less time, allows hackers to do the same… and to download the data faster as well.
Also, it seems like the faster this type of thing happens, the slower companies are to report it to their customers.  To that end I give a lot of credit to T-Mobile.  The suffered a breach four days ago, and they already have reported it and the info is available to the public.  I’m not going to use this post to blast T-Mobile, in the world that exists today, breaches are going to happen.  I’m saluting them for getting the info to their customers so quickly.
Here is what they have to say in their press release… and actually this could have been a lot worse.

Dear Customer –

Out of an abundance of caution, we wanted to let you know about an incident that we recently handled that may have impacted some of your personal information.

On August 20, our cyber-security team discovered and shut down an unauthorized access to certain information, including yours, and we promptly reported it to authorities. None of your financial data (including credit card information) or social security numbers were involved, and no passwords were compromised. However, you should know that some of your personal information may have been exposed, which may have included one or more of the following: name, billing zip code, phone number, email address, account number and account type (prepaid or postpaid).

If you have questions about this incident or your account, please contact Customer Care at your convenience. If you are a T-Mobile customer, you can dial 611, use two-way messaging on, the T-Mobile App, or iMessage through Apple Business Chat. You can also request a call back or schedule a time for your Team of Experts to call you through both the T-Mobile App and If you are a T-Mobile For Business or Metro PCS customer, just dial 611 from your mobile phone.

We take the security of your information very seriously and have a number of safeguards in place to protect your personal information from unauthorized access. We truly regret that this incident occurred and are so sorry for any inconvenience this has caused you.

What Happened?

On August 20, our cyber-security team discovered and shut down an unauthorized capture of some information, including yours, and promptly reported it to authorities. No financial data (including credit card information) or social security numbers were involved, and no passwords were compromised. However, some personal information may have been exposed, which may have included one or more of the following: name, billing zip code, phone number, email address, account number and account type (prepaid or postpaid).

I got a notification.  What do I need to do?

We wanted you to be aware of this situation. If you have questions, please call Customer Care at your convenience. If you are a Metro PCS customer, just dial 611 from your mobile phone. If you are a T-Mobile customer, you can dial 611, use two-way messaging on, the T-Mobile App, or iMessage through Apple Business Chat. You can also request a call back or schedule a time for your Team of Experts to call you through both the T-Mobile App and As a reminder, it’s always a good idea to regularly change account passwords.

I didn’t get a notification!  Should I be worried?

All affected customers have been, or shortly will be, notified. If you don’t receive a notification than that means your account was not among those impacted by this incident. If you need assistance or have questions about this incident or your account, please contact Customer Care at your convenience. If you are a T-Mobile customer, you can dial 611, use two-way messaging on, the T-Mobile App, or iMessage through Apple Business Chat. You can also request a call back or schedule a time for your Team of Experts to call you through both the T-Mobile App and If you are a T-Mobile For Business or Metro PCS customer, just dial 611 from your mobile phone.

What is T-Mobile doing to prevent this from happening again?

We have a number of safeguards in place to protect your personal information from unauthorized access, use, or disclosure. For more information on how we protect your information, please check out our privacy policy. We also provide security tips for you at:


Thursday, August 23, 2018

New Henry Schein One Service Bundles Announced

Dentrix Article.png

For you Dentrix users who are blog readers, this is some important info.  I’ve just returned from the Henry Schein One Summit and the company has some incredible enhancements and offerings coming soon.  I’ll do my best to bring you up to date on these.  Here’s the first one, give it a read.


Henry Schein Practice Solutions recently joined with a select group of industry-leading companies to form a new company called Henry Schein One. This organization, which includes Demandforce, Officite, Sesame and Dental Plans, combines leading practice management, revenue tools, and patient recruitment and engagement solutions all in one company to help you improve every aspect of your dental business.

Helping your business thrive remains our top priority. With one connected platform, your technology tools can talk to each other, share more data and automate more tasks. So your team can work smarter and faster—and improve each step of the patient experience.

Henry Schein One Service Bundles combine traditional Dentrix eServices with industry-leading solutions to help you boost profits, enhance patient care and set your practice apart from the competition. The new service bundles include:

Optimum Pro - Optimum Pro gives you our proven software support and payment management services and adds a complete set of tools, powered by Demandforce, that allow you to communicate with your patients more efficiently.
Ultimate - Ultimate is the top of the line for dental practices that not only want to succeed with revenue cycle management and patient engagement but truly understand the value of digital marketing to maintain and grow their patient base. Along with the eServices included in Optimum Pro, Ultimate pushes practice management into customer retention and acquisition with expertly crafted online marketing, powered by Officite.
For a detailed list of the features in each of the new service bundles from Henry Schein One, click on this web link:

To learn more or to purchase a Henry Schein One bundle, contact us at 800.336.8749.

Wednesday, August 22, 2018

How new technology will impact treatment planning


One of the true game changers in our profession as of late has been the development of cone beam computed tomography (CBCT). That combined with the market penetration of digital radiography, which is now well over 50 percent, has created an environment of visual co-diagnosis that has dramatically changed the way we communicate with patients and the way we diagnose.

I’m a huge supporter of visually-based technologies for the simple reason that human beings rely heavily on their sense of sight. Whether it’s computer images, photos or working under high magnification, the ability to see well gives you the ability to “do” well.

Combining multiple factors of visually-based practice systems allows for greater efficiency of treatment and greater predictability of outcomes…

For the rest of my latest article that is appearing in this issue of DPR, head over to the Dental Products Report website.  

Tuesday, August 21, 2018

Westminster Pharmaceuticals, LLC. Issues Voluntary Nationwide Recall of Levothyroxine and Liothyronine (Thyroid Tablets, USP) Due to Risk of Adulteration

While I try to keep most info here dealing with tech topics or advancements, every once in a while I come across some healthcare info that, while isn’t strictly tech, for sure needs to be disseminated to all of you.  So, for today I think it’s important to get the word out on a FDA recall on dosages of a common thyroid medication.
Here is the report from the FDA website:

Westminster Pharmaceuticals, LLC is voluntarily recalling all lots, within expiry, of Levothyroxine and Liothyronine (Thyroid Tablets, USP) 15 mg, 30 mg, 60 mg, 90 mg, & 120 mg to the wholesale level. These products are being recalled as a precaution because they were manufactured using active pharmaceutical ingredients that were sourced prior to the FDA’s Import Alert of Sichuan Friendly Pharmaceutical Co., Ltd., which as a result of a 2017 inspection were found to have deficiencies with Current Good Manufacturing Practices (cGMP). Substandard cGMP practices could represent the possibility of risk being introduced into the manufacturing process.

To date, Westminster Pharmaceuticals has not received any reports of adverse events related to this product.

Levothyroxine and Liothyronine (thyroid tablets, USP) for oral use is a natural preparation derived from porcine thyroid glands. Thyroid tablets contain both tetraiodothyronine sodium (T4 levothyroxine) and liothyronine sodium (T3 liothyronine). Levothyroxine and Liothyronine tablets (thyroid tablets, USP) are indicated as replacement or supplemental therapy in patients with hypothyroidism. Appropriate adjustments of the various therapeutic measures directed at these concomitant endocrine diseases are required. Thyroid is not associated with serious adverse reactions and does not have a known tumorigenic potential.

Because these products may be used in the treatment of serious medical conditions, patients taking the recalled medicines should continue taking their medicine until they have a replacement product.

The products subject to recall are packed in 100-count bottles. To best identify the product the NDC’s, Product Description, Lot numbers and Expiration dates are listed below. These lots were distributed nationwide in the USA to Westminster’s direct accounts.

Levothyroxine and Liothyronine (Thyroid Tablets, USP) 15mg X 100ct
Levothyroxine and Liothyronine (Thyroid Tablets, USP) 30mg X 100ct
Levothyroxine and Liothyronine (Thyroid Tablets, USP) 60mg X 100ct
Levothyroxine and Liothyronine (Thyroid Tablets, USP) 90mg X 100ct
Levothyroxine and Liothyronine (Thyroid Tablets, USP) 120mg X 100ct
Westminster is notifying its direct accounts by email and by phone to immediately discontinue distribution of the product being recalled and to notify their sub-wholesale accounts of this product recall and make arrangements for impacted product to be returned to Westminster. Instructions for returning recalled products are given in the Recall Notice Letter and Recall Response Form. Consumers that have these products which are being recalled should not discontinue use before contacting their physician for further guidance.

Customers and patients with medical-related questions, information about an adverse event or other questions about the Westminster’s product’s being recalled should contact Westminster’s Regulatory Affairs department by phone at: 888-354-9939

Live calls are received Monday-Friday, 9:00AM - 5:00PM EST with voicemail available 24 hours/day, 7 days/week or email
Adverse reactions or quality problems experienced with the use of this product may be reported to the FDA's MedWatch Adverse Event Reporting program either online, by regular mail or by fax.

Complete and submit the report Online:
Regular Mail or Fax: Download form or call 1-800-332-1088 to request a reporting form, then complete and return to the address on the pre-addressed form, or submit by fax to 1-800-FDA- 0178

Monday, August 20, 2018

Use of Mobile Devices in the Issuance of EPCS

Doc with phone.jpg
Here is important info from the Drug Enforcement Agency regarding using mobile devices for issuing electronic prescriptions for controlled substances (EPCS).  If any of you are using your mobile devices to issue prescriptions, this info is a very important read.  This notice was issued just last we from the DEA Diversion Control Division.

The DEA is issuing the following statement regarding the use of mobile devices for issuing electronic prescriptions for controlled substances (EPCS) due to confusion surrounding this issue.

At this time, the DEA does not preclude the use of a mobile device, for the issuance of an electronic prescription for a controlled substance, if the encryption used on the device meets the latest security requirements set out in Federal Information Processing Standards (FIPS 140-2).   The DEA will allow the use of a mobile device as a hard token, that is separate from the computer or device running the EPCS application, if that device meets FIPS 140-2 Security Level 1 or higher.  The device used to create the prescription cannot be the same device that serves as the hard token in the two-factor authentication. 

A practitioner who uses a mobile or other electronic device for EPCS, and who does not wish to carry a hard token on a separate device, must use biometrics, and a password or a challenge question.  See 21 C.F.R. §§ 1311.115 and 1311.116.

A practitioner may issue an electronic prescription for a Schedule II, III, IV, or V controlled substance when all of the requirements under 21 C.F.R. Part 1311 (Subpart C) are met. 

Please note that while this document reflects DEA’s interpretation of the relevant provisions of the Controlled Substances Act (CSA) and DEA regulations, to the extent it goes beyond merely reiterating the text of law or regulations, it does not have the force of law and is not legally binding on registrants.  Because this document is not a regulation that has the force of law, it may be rescinded or modified at DEA’s discretion.

For more information contact DEA Policy & Liaison Section at

Thursday, August 16, 2018

Kid’s Nite Out offers fun and safe childcare during Dentsply Sirona World 2018

Kid's Nite Out 2.jpg

Here’s a great piece of news for those of you that are planning on attending the Dentsply Sirona World event that’s coming up in September.  The event is being held in Orlando this year and Orlando, of course, beckons with family vacations.  To help facilitate things for families, the meeting is providing day care in a safe environment.  Read on for the details.


For one low price, parents can experience every day of the Ultimate Dental Meeting stress-free knowing their children are spending the whole day safe and entertained in the same venue

If you have children, there is no need to worry about missing Dentsply Sirona World, Sept. 13-15 at the Rosen Shingle Creek Resort in Orlando, because your children now get a chance to have their own fun and educational experience. For just a one-time fee of $600 per child, attendees can drop their children off all day Thursday-Saturday in the Lake Toho room of the Rosen Shingle Creek Resort with Kid’s Nite Out, a family-operated business providing quality and safe childcare during conventions and vacations.

While you are mingling with and learning from the industry’s finest at this year’s Ultimate Dental Meeting, dedicated caregivers and the best staff in the childcare business are keeping your children safe and entertained.

“We understand the struggle of finding quality childcare during conventions like Dentsply Sirona World, and that’s why Kid’s Nite Out is important,” said Vice President of Marketing Ingo Zimmer. “We want to make sure everyone has an equal chance to attend all of the captivating educational opportunities we’re offering.”

Kid’s Nite Out is providing services:

  • Thursday, Sept. 13, 8:30 a.m. – 11 p.m. 
  • Friday, Sept. 14, 8 a.m. – 11 p.m. 
  • Saturday, Sept. 15, 8:30 a.m. – midnight

While Kid’s Nite Out is offering lunch and snacks, parents are expected to give their children breakfast and dinner. The dinner break each day is between 5:30-7 p.m. Kid’s Nite Out will not be responsible for the children during this time.

Wednesday, August 15, 2018

Canadian Dental Practice Consolidation Continues According to 2018 DIAC Survey

DIAC Logo.png
Here is some pretty interesting info from the Dental Industry Association of Canada.  This information comes from the Twenty-Second Annual Future of Dentistry Survey.  The things you can glean from this definitely point to some trends that I’m confident others are seeing in countries outside of Canada.  It’s well worth reading.

 – The fundamental shift in the make-up of the Canadian dental practice detected in previous reports is continuing, according to results from the DIAC (Dental Industry Association of Canada) Twenty-Second Annual Future of Dentistry Survey. All of the following points may reflect on the impact of the current economic situation on the dental practice in Canada:

  Trend towards increasing numbers of dentists in the practice continues, with 11% of practices with five or more dentists. This was 3.4% in 2016 and an average of 6.3% the last 14 years.
  Growing percentage of respondents describing their location as Urban (now 62% as compared to 56% last year and 51% in 2016) (average of 53% over past ten years). Drop off is in Suburban locations (falling to 22% from 29% last year and an average of 25% over the past 10 years).
  Practices with three or fewer operatories had been generally in steady decline since the survey began, a real drop of 40.2% since 1997.
  28% of respondents planning to add at least one operatory as opposed to 22% last year.
  The number of hygiene days per practice is increasing overall (with more days being added by

those who only had one or two per week previously) - 46% of respondents in 2018 had 5 or more

hygiene days per week, as compared to 44% last year and the average of 38.6% the last ten years).
  At the same time, the average number of patients treated per day continues to decline. Unlike last

year, where a higher number of specialists responded, the GP/Specialist split on response returned to historical norms in 2018. On an overall basis, dentists treated 11 patients in an average day as compared to the average of 12.5 patients over the last ten years. 89% stated they treated less than 15 patients a day (as opposed to 83% last year and an average of 78.6% over the last four years).
  Reinforcing the 2017 results, dentists continue to move into Multi-practice (Group Practice). While the majority (63%) of respondents stated they were in a solo practice, more than a third (34%) are now in a group practice – and these group practices are getting bigger with 24% having 5 or more operatories (as opposed to 17% in 2017). While the two key advantages attracting those in a multi-practice structure were Associate Support (57%) and Buying Power (20%), “Better hours for patients” had growing support this year with 12% of response. The majority of Group Practice respondents (63%) felt they offered a higher standard of care than a solo practitioner. However, a substantial 23% said they did not. This finding is reinforced by the response to the main drawbacks of a multi-practice (Group practice) structure with 21% citing Consistency of Care (#2 response with Conflict with management style #1 at 29%).

It is little wonder that “Financial/paying bills/overhead” was the top challenge that respondents intended to address in 2018 (as well as the Top Metric for Success in the opinion of 78% of respondents), with “Getting more patients/keep busy” a close second. The majority (60%) of dental practices now offer patient financing in some fashion, reinforcing results from 2017 (almost one-half (45%) of respondents offered in-house financing while 15% used third party financing) as a way to get those patients.
Financial concerns also appear to have impacted on dentists Practice Management CE activities. The top focus is on building “the Numbers”. The highest rated Practice Management topics for 2018 involve building the business of the practice (ranked in order from highest: Leadership Team Development; Revenue Enhancement/Expense Management; Fraud Protection; and Communication/Case Presentation).

For the first time, Social Media was mentioned by over 50% of respondents as one of the most popular Practice-Building Tools utilized, still second to “Asking for referrals” but trending rapidly upward from 13% in 2012. This movement to on-line promotion mirrors where dental patients are telling practitioners they are getting information on dental treatment options. According to the survey, Internet achieved another all-time high rating and was ranked as the top patient source for the third straight year. This was followed by the more traditional sources of Family members, friends, etc. and Dentist/Dental Team presentations.

A total of 414 practicing Canadian dentists responded to this year’s survey with a good proportional distribution across all regions of the country. Based on this response rate, overall 2018 survey results have an accuracy of +/- 4.7% 19 times out of 20.

Tuesday, August 14, 2018

Beware of iOS Phishing Scam that Promises to Connect You to "Apple Care"

Ars Technica Logo.png
The smart people at website Ars Technica lately have uncovered and reported on a pretty sneaky way that bad guys are using to attempt to get users to give away their personal data.
As I’ve preached here many times, usually the most vulnerable chink in the security armor, is the human one.  Social engineering goes back about as long as humans do and nobody knows that quite like the nefarious types that inhabit the online criminal world.
To that end, now the crooks have come up with a way to trick iPhone users into calling into the bad guy call centers and actually “volunteering” to give away their information.
Are tells us:
This particular phish, targeted at email addresses associated with Apple's iCloud service, appears to be linked to efforts to fool iPhone users into allowing attackers to enroll them into rogue mobile device management services that allow bad actors to push compromised applications to the victim's phones as part of a fraudulent Apple "security service."
So… basically the user is tricked into thinking their phone is compromised and will be shutoff unless they call a number.  Once you call, they use social engineering tactics to get your username and password or to install rogue applications.  Either way, once that happens… they own your device.
So be alert!  There are lots of scams out there and the only reason they exist is because, sadly, they work on more than enough honest people to make the effort profitable.
Here’s a link to the entire Ars Technica story on the issue.  It’s a somewhat complicated read due to some short descriptions on coding & the web pages involved, but I feel it’s well worth your time to read it.

Monday, August 13, 2018

It Appears that Healthcare Data Breaches are More Common in Larger Facilities

According to a recent study that appeared in JAMA Internal Medicine, larger medical facilities are more likely to suffer from data breaches.
This makes a certain degree of sense.  Larger institutions certainly have more patient data stored in the EHR (Electronic Health Record) and, therefore, make a more practical target for attackers.  By going after larger databases, hackers can get more info per intrusion.  Obviously, even in the world of data theft, economies of scale exist.  There is also the matter of simple computer security.  Larger organizations will have more computers, connected devices, etc that need to be patched and kept updated with the latest security enhancements.  One small door is all that is needed and in big hospitals, there are more “electronic doors” and therefore, greater odds of finding a device to exploit.  Then there is the matter of employees and security protocols.  The sheer number of people with access to data means more opportunities for a phishing attack or any of a myriad other things that might leave data exposed.
While I agree with the odds increasing as the amount of patient data increases, it should be noted here that data breaches, hacking, and RansomWare are an all to frequent occurrence in small practices as well.  My good friends at DDS Rescue tell me that their help is frequently required by customers that have either been locked out of their data by RansomWare or some type of malicious hacking break in.  These situations can happen to anyone.  You need to be prepared and DDS Rescue can help you with hacking incidents.
Here is an abbreviated version of the article:

As the adoption of electronic record and health information technology rapidly expands, hospitals and other health providers increasingly suffer from data breaches.1 A data breach is an impermissible use or disclosure that compromises the security or privacy of the protected health information and is commonly caused by a malicious or criminal attack, system glitch, or human error.2,3 Policy makers, hospital administrators, and the public are highly interested in reducing the incidence of data breaches. In this retrospective data analysis, we use data from the Department of Health and Human Services (HHS) to examine what type of hospitals face a higher risk of data breaches.

Under the Health Information Technology for Economic and Clinical Health Act of 2009, all heath care providers covered by the Health Insurance Portability and Accountability Act must notify HHS of any breach of protected health information affecting 500 or more individuals within 60 days from the discovery of the breach. The Department of Health and Human Services publishes the submitted data breach incidents on its website, with the earliest submission date as October 21, 2009. We were able to link 141 acute care hospitals to their 2014 fiscal year Medicare cost reports filed with the Centers for Medicare and Medicaid Services (CMS). The unlinked hospitals include long-term care hospitals, Veterans Affairs and military hospitals, hospital systems, and hospitals unidentifiable in the CMS data set. We applied multivariable and regression analyses to compare these 141 hospitals with other acute care hospitals to understand what type of hospitals face a higher risk of breaches.4 Statistical analysis was performed with SAS 9.4 (SAS Institute Inc) and STATA 14 (StataCorp LLC). For statistical analysis, t tests were used, and P < .05 was considered significant.

Between October 21, 2009, and December 31, 2016, 1798 data breaches were reported.5 Among them, 1225 breaches were reported by health care providers and the remaining by business associates, health plans, or health care clearing houses. There were 257 breaches reported by 216 hospitals in the data, with median (interquartile range [IQR]) 1847 (872-4859) affected individuals per breach; 33 hospitals that had been breached at least twice and many of which are large major teaching hospitals (Table 1). Table 2 lists hospitals with more than 20 000 total affected individuals. For the 141 acute care victim hospitals linked to their 2014 CMS cost reports, the median (IQR) number of beds was 262 (137-461) and 52 (37%) were major teaching hospitals. In contrast, among 2852 acute care hospitals not identified as having breaching incidents, the median (IQR) number of hospital beds was 134 (64-254), and 265 (9%) were major teaching hospitals. Hospital size and major teaching status were positively associated with the risk of data breaches (P < .001).

A fundamental trade-off exists between data security and data access. Broad access to health information, essential for hospitals’ quality improvement efforts and research and education needs, inevitably increases risks for data breaches and makes “zero breach” an extremely challenging objective. The evolving landscape of breach activity, detection, management, and response requires hospitals to continuously evaluate their risks and apply best data security practices. Despite the call for good data hygiene,6 little evidence exists of the effectiveness of specific practices in hospitals. Identification of evidence-based effective data security practices should be made a research priority.

This study has 3 important limitations. First, data breaches affecting fewer than 500 individuals were not examined. Second, since each victim hospital was matched to CMS cost report based on the name and state, the matching might be incomplete or inaccurate for some hospitals. Finally, our analysis is limited to the hospital industry. Future studies that examine the characteristics of other types of health care entities that experienced data breaches are warranted.

Interview with Kent Howell on the Axsys Dental Versamill 5Xs

Here is an interview shot recently for Dental Products Report.  There is a growing interest in providing in office milling for different types of dental materials.  Since the industry began to embrace the Open Source concept, allowing for mixing and matching your preferred digital impression system with your preferred in office milling system, many doctors are considering the possibilities all of this entails.

If you are wondering about the kinds of things an in office mill can do for you, watch this video and learn from a doctor who is using one in his advanced practice every day.

For more info about Axsys Dental and their products, head over to their webpage. 


Thursday, August 9, 2018

Ultradent Proudly Announces the Ultrapro® Tx Prophylaxis Equipment Family

Ultrapro photo.jpg
For those of you who are looking to upgrade your hygiene armamentarium, here’s something to look at from my friends at Ultradent.  The Ultrapro family of hygiene products is pretty special.

Ultradent Products, Inc., proudly announces the next generation of the Ultrapro® Txprophylaxis equipment family, including the Ultrapro® Tx Air handpiece, the Ultrapro® Tx Skini prophy angle, and the Ultrapro® Tx Extra prophy angle.


Ultrapro Tx Air Handpiece

For the dental professional who values products that minimize the aches and pains associated with performing prophylaxis, the Ultrapro Tx Air handpiece is designed to reduce hand and arm fatigue thanks to its ergonomic, light-weight, aluminum design and 360° swivel. Its soft-start motor minimizes splatter and is vibration-free to maximize patient comfort as well. The Ultrapro Tx Air handpiece safely performs prophylaxis by reducing friction and heat when polishing the patient’s teeth, allowing it to clean effectively while still protecting the enamel. Its universal e-type motor can be used with other attachments and nose cones, and it can be used with all disposable prophy angles for convenience.


Ultrapro Tx Skini Disposable Prophy Angle

The Ultrapro Tx Skini disposable prophy angle offers improved interproximal cleaning, internal blades to reduce splatter, and features a smooth, quiet gear design. Its ergonomic shape minimizes hand fatigue and, with a 20% shorter head and 25% slimmer neck, offers superior access and an unobstructed view for the clinician. The Skini DPA also offers optimal flare, as well as contra-angle and right-angle design options.


Ultrapro Tx Extra Disposable Prophy Angle

The Ultrapro Tx Extra disposable prophy angle features external ridges for improved interproximal cleaning and improved internal webbing for reduced splatter. Its ergonomic design and smooth, quiet gear function facilitate the ultimate experience in comfort for both the clinician and the patient. The Extra DPA also features optimal cup flare and is available with a tapered brush.


To learn more or to purchase any of the products in the Ultrapro Tx prophylaxis equipment family, please visit or call us at 800.552.5512.

Wednesday, August 8, 2018

American Academy of Periodontology to Hold its 104th Annual Meeting in Vancouver

— The American Academy of Periodontology (AAP) will hold its 104th Annual Meeting Oct. 27-30, 2018, at the Vancouver Convention Centre in Vancouver, British Columbia. The event is presented in collaboration with the Canadian Academy of Periodontology, the Japanese Academy of Clinical Periodontology, and the Japanese Society of Periodontology. All dental professionals—including students, early-career periodontists, hygienists, office staff, and members of the dental media—are encouraged to attend.
This year’s meeting, which provides up to 25.5 continuing education credits, features 45 courses and more than 30 new speakers. Ten redesigned program tracks include oral pathology, oral medicine, and oral diagnosis; emerging concepts and innovative therapies; implant surgery and prosthetic rehabilitation; and periodontal plastic and soft tissue surgery.
“With a roster of periodontics’ sharpest minds leading our many courses and events, this year’s Annual Meeting is set to be a gathering of our specialty’s best and brightest from around the world,” says Steven R. Daniel, DDS, president of the AAP. “Attendees will have the opportunity to curate their experiences, and with the return of our Dental Hygiene Symposium, Student and New Periodontist series, and the Insurance Coding Workshops, there’s something for everyone in the field.”
Highlights of the 104th Annual Meeting include the following:

• Endeavor to Succeed at the Opening General Session: Captain Mark Kelly, who spent more than 50 days in space aboard the Space Shuttles Endeavour and Discovery, will share insights on leadership, teamwork, and success during the meeting’s keynote address on Sunday, Oct. 28. 

• Proceedings from the 2017 World Workshop on the Classification of Periodontal and Peri-Implant Diseases and Conditions: Members of the Workshop’s organizing committee will discuss findings from the recently updated disease classification. This ticketed event, which takes place on Oct. 29, will highlight the newly developed staging and grading model for classification as well as the update’s implications on patient care and dental education. 

• All-new Speaker Studio: Located in Exhibit Hall booth 533, the Speaker Studio provides a unique opportunity for attendees to interact with speakers and moderators throughout the meeting. Course presenters will be on hand for post-session conversations and Q&A in an intimate, small-group setting.

• Exhibit Hall: At the center of the action will be the meeting’s Exhibit Hall, where more than 300 booths will showcase an array of products and services.

To register for the 104th Annual Meeting, to view the complete Advance Program, or for more information, please visit, call 1-800-282-4867 ext. 3213, or email

Registration fees for media representatives attending the AAP’s 104th Annual Meeting will be waived, granting access to all non-ticketed sessions and seminars. Presenters and AAP representatives will be available for on-site interviews and photo shoots, which must be scheduled in advance with AAP Public Relations staff. For press credentials, contact the Academy’s Public Relations Department at 312-573-3243 or 

About the American Academy of Periodontology
The American Academy of Periodontology (AAP) is an 8,200-member professional organization for periodontists—specialists in the prevention, diagnosis, and treatment of inflammatory diseases affecting the gums and supporting structures of the teeth, and in the placement of dental implants. Periodontics is one of the nine dental specialties recognized by the American Dental Association.

Tuesday, August 7, 2018




Quantum Dental Technologies presented findings of a study at the 96th General Session of the International Association for Dental Research (IADR) in London England.   This study found that The Canary System® can detect caries under the intact margins of glass ionomer and compomer restorations more accurately than Spectra, DIAGNOdent and visual examination. 


Finding caries beneath intact restoration margins is a challenging clinical problem.  Glass Ionomer and Compomers are radiopaque and reflect light from their respective surfaces.  The study found that visual examination could not detect caries.  The glow or fluorescence from the restorations prevented Spectra from detecting any marginal caries.  DIAGNOdent was unable to consistently differentiate sound from carious tissue at various distances from the restoration margins.  It was able to detect between 20% - 70% of the lesions beneath the restorations depending upon the distance from the margin.  The Canary System was able to detect 91% - 100% of the lesions around the restoration margins.  This study demonstrated that The Canary system is a valuable diagnostic tool for detecting caries that develop around and beneath the margins of glass ionomer and compomer restorations. 


The findings in this study mirror the findings in studies on detection of caries around amalgam, composite, orthodontic brackets and ceramic crowns.  In each of these clinical situations, The Canary System was able to detect over 90% of the lesions beneath these various restorative materials. 


“The Canary System provides dentists with the ability to detect and monitor tooth decay beneath the edges of fillings, crowns and bridges; one of the most common clinical conditions that would lead to the failure of these restorations.  X-Rays can only aid clinicians to diagnose decay on the sides or interproximal areas of teeth.  When a glass ionomer or compomer restorations are placed, x-rays can only detect tooth decay in certain limited areas and not along the visible margins”, said Dr. Stephen Abrams, co-founder of Quantum Dental Technologies.  “Compomers and Glass Ionomer may reduce the incidence of marginal breakdown but caries can still develop.  Early detection of tooth decay, before it is seen on an x-ray or detected with visual inspection means that dentists can treat problems before the decay has destroyed large amounts of vital tooth structure.” 


The Canary System, with its unique crystal structure diagnostics, can, quantify, image, monitor and record changes in the structure of enamel, dentin and cementum. It can detect caries beneath opaque sealants, around the margins of restorations, around orthodontic brackets and beneath interproximal, occlusal and smooth surfaces. The Canary Cloud enables dentists to view and analyze this data and track Canary usage in their office.


Visit or email to request additional information.

Monday, August 6, 2018

SamSam Ransomware is at $6 Million and Counting...

The SamSam ransomware is doing a pretty good business in the healthcare sector.  About 75% of victims were in the U.S. and 26% of those happened in the healthcare industry.
The big news is that 223 of the victimized organizations paid the ransom.
For long time readers of the blog, you know how I feel about IT security.  You simply cannot be too cautious anymore.  There are lots of ways for the bad guys to get into your system and you need to prepare your staff and your network for possible intrusions, including social engineering.
According to Healthcare IT News: SamSam is spread through the web, Java apps and other web-based apps. And once it’s in the system, it spreads without malicious emails. While the virus can be stopped if detected before it gets into the system, it’s over once it has breached the network.
There is a great report from the cybersecurity firm Sophos regarding this particular piece of malware.  If you are into this kind of info, it’s definitely worth a read.
In a nutshell, do everything you can to be prepared for an attack.  The best defense is good reliable backups.  In that regard, check out DDS Rescue.  

Thursday, August 2, 2018

FIRST and LEGO Education Ready for Liftoff with Space Challenges

FLL Logo.png
For years now I’ve been a fan of FIRST Lego League.  The FLL teaches kids about robotics and programming in a friendly competitive environment that teaches kids amazing skills that allows those interested in STEAM to expand their horizons.  I’ve even been lucky enough to attend some FLL competitions and they are amazing.  The ability of youngsters to utilize technology is truly incredible.
Now come word that FLL is working on helping kids explore the challenges of liming and traveling through space.  Here is the press release:

― FIRST® (For Inspiration and Recognition of Science and Technology), an international, K-12 not-for-profit organization founded to inspire young people’s interest and participation in science and technology, announced that the 2018-2019 FIRST LEGO League and FIRST LEGO League Jr. seasons task students to explore the challenges of living in and traveling through space.

“Each year, FIRST LEGO League Jr. and FIRST LEGO League design real-world challenges that fuel children’s natural curiosity and appetite for discovery,” said Kim Wierman, director of FIRST LEGO League Jr. and FIRST LEGO League at FIRST. “The concepts they are already learning in school are reinforced in fun and playful applications. Space is a topic that sparks curiosity among students of all ages, and over the course of the season, our students will learn the value of teamwork and collaboration that is so essential to modern space travel.”

For the FIRST LEGO League Jr. MISSION MOONSM and FIRST LEGO League INTO ORBITSM Challenges, FIRST collaborated with experts in the fields of aerospace education, astrogeology, human physiology in space, space exploration technology and more. These experts made up the Challenge Advisory Team, which included representatives from European Space Agency, NASA, Buzz Aldrin Space Institute, International Planetarium Society and U.S. Geological Survey, among others. These specialists collaborated with FIRST to create a theme and challenge missions that reflect the physical and social problems associated with long-duration space flight.

Team registration for both programs is now open.

The 2018-2019 MISSION MOON Challenge will reach over 85,000 children, ages 6-10, from 55 countries and help them learn about the Earth’s moon and what is needed to live there.

“Space is exciting because it’s the last frontier that we haven’t explored totally,” said Patrick McQuillan, of the International Planetarium Society, who served as a consultant on the development of the challenge. “In order to explore space, technology has to be developed that doesn’t exist. So that inspires engineers to develop those things to get us to the moon or to Mars to try to live there.”

Each year since 2004, FIRST LEGO League Jr. presents a new and exciting challenge to ignite creativity in young children. This year, while exploring the real-world theme of space, teams will use LEGO® Education WeDo 2.0 to build and program a model that moves, learning basic engineering and programming concepts. They will also illustrate their research through a Show MePoster. Throughout their experience, teams will operate under the signature set of FIRST Core Values, which emphasize discovery, inclusion, innovation and fun.

As part of the annual registration fee, teams receive an exclusive LEGO Education Inspire Set containing 700+ LEGO® bricks and elements teams can use to construct their team model. In this set will also be a yearly model – a rocket for this season – that serves as a starting point for teams.

In the 2018-2019 INTO ORBITSM Challenge, roughly 320,000 children, ages 9 to 16*, from nearly 100 countries will explore how to solve the physical and social problems associated with long-duration space flight, and propose solutions for any issues they identify.

“The universe is almost infinitely large. There are so many possibilities, opportunities, and exciting discoveries waiting for us in the future,” said Danish astronaut Andreas Mogensen, who was among the experts FIRST and LEGO Education consulted in developing the challenges. “And that, to me, is what space exploration is all about:  opening the door and seeing what’s on the other side.”

FIRST LEGO League challenges kids to think like scientists and engineers. During the INTO ORBIT season, teams of up to 10 students will choose and solve a real-world problem in an open-ended project. Teams will also build, test, and program an autonomous robot using LEGO® MINDSTORMS® technology to solve a series of space-themed missions as part of the Robot Game, which include: growing food in space; fighting muscle atrophy in orbit; collecting samples; and more. The exclusive LEGO models that line the field were inspired by the stories and experiences of STEM professionals who represent the many fields and roles needed to send humans to space. Throughout the season, teams will operate under the signature set of FIRSTCore Values, celebrating discovery, innovation, inclusion and fun.

*ages vary by country

FIRST LEGO League Jr. and FIRST LEGO League are two of four international K-12 STEM (science, technology, engineering and math) robotics programs in a Progression of Programs offered by FIRST®.

This season, FIRST LEGO League anticipates over 40,000 teams will compete in more than 1,450 Qualifying and Championship Tournaments globally. Select teams will be invited to participate at two FIRST LEGO League World Festivals, to be held in conjunction with the FIRST Championship, April 17-20, 2019, in Houston, and April 24-27, 2019, in Detroit.

LEGO Education is a founding partner of FIRST LEGO League Jr. and FIRST LEGO League. FIRST LEGO League Jr. receives global support from LEGO Education. FIRST LEGO League is delivered annually through the support of global sponsors LEGO Education, 3M, NI and Rockwell Automation.

Wednesday, August 1, 2018

The 5 activities you don’t want to miss at Dentsply Sirona World 2018

DentsplySirona logo.png
From live procedures on the tradeshow floor to hearing Katy Perry “roar,” here are the must attend events and activities to mark on your Dentsply Sirona World 2018 calendar
Dentsply Sirona World 2018 is right around the corner and tickets are selling fast! Every year, the Ultimate Dental Meeting is the most exciting and educational event in the dental industry. Whether you’ve already signed up or are getting ready to, here are the five things you won’t want to miss at Dentsply Sirona World 2018! 

1) Be the best by learning from the best

More than 90 of the dental world’s best and brightest are offering classes in 12 unique educational tracks, including a new Dental Assisting and Hygiene track. These speakers will educate attendees on the latest methods and technology, while also providing insight on what is shaping dentistry today. This is a chance to earn continuing education credits in an incredibly captivating environment with a grassroots’ effort to spread the most innovative ideas in dental.

“No other event offers this much knowledge and years of dental experience under one roof,” said Vice President of Marketing Ingo Zimmer. “This is a truly unique opportunity to learn from the brightest minds in our industry.”

All attendees can sign up NOW for their preferred breakout sessions.

1) Be the best by learning from the best

More than 90 of the dental world’s best and brightest are offering classes in 12 unique educational tracks, including a new Dental Assisting and Hygiene track. These speakers will educate attendees on the latest methods and technology, while also providing insight on what is shaping dentistry today. This is a chance to earn continuing education credits in an incredibly captivating environment with a grassroots’ effort to spread the most innovative ideas in dental.

“No other event offers this much knowledge and years of dental experience under one roof,” said Vice President of Marketing Ingo Zimmer. “This is a truly unique opportunity to learn from the brightest minds in our industry.”

All attendees can sign up NOW for their preferred breakout sessions.

2) Get a history lesson from an award-winning author

It’s not every day that you get a chance to listen to a world-renowned presidential historian and Pulitzer Prize-winning author speak directly to you. On Friday afternoon, Sept. 14, Doris Kearns Goodwin takes the stage to present Dentsply Sirona World 2018’s keynote address.

Goodwin was awarded the Pulitzer Prize in history for “No Ordinary Time: Franklin and Eleanor Roosevelt: The Home Front in World War II,” and is the author of the best sellers “Wait Till Next Year”, “Lyndon Johnson and the American Dream” and “The Fitzgeralds and the Kennedys,” which was adapted into an award-winning five-part TV miniseries.

3) Meet the experts on the tradeshow floor

The tradeshow floor at Dentsply Sirona World is always THE place to be when guests are not attending groundbreaking educational sessions. Attendees will get hands-on experience with the latest innovations and be the first to hear about new product launches. Make sure to catch live interviews with the experts at the media panel or see cutting-edge technology at work in the live procedure area.

The tradeshow floor is always great for networking, so make sure to swing by to meet and mingle with the industry’s influencers, key opinion leaders and old friends from previous events.

4) Let loose and party with big name stars!

Guests are definitely going to want to keep their Thursday and Friday nights clear! Dentsply Sirona is treating attendees to private shows from Grammy-nominated comedian, actor, writer and producer Jim Gaffigan and Grammy-nominated global Popstar Katy Perry. Gaffigan will have you rolling on the floor with laughter on Thursday, Sept. 13, while you can sing along to your favorite songs with Perry on Friday, Sept. 14.

The fun doesn’t stop there! Throw on your dirndl or best pair of lederhosen and come party Oktoberfest-style at the Ultimate Dental Meeting’s closing party on Saturday, Sept. 15. This is the perfect send-off after spending three days learning from and meeting industry leaders.

5) Find your inner peace and let out your inner warrior

Attendees have the opportunity to work on their minds and bodies in a fun-spirited and upbeat environment with Dentsply Sirona World 2018’s free wellness activities!

Throw on your best costume and prepare to dual the competition at the medieval-themed three-mile fun on Friday, Sept. 14 at 6 a.m. This is a great way to take in the beautiful scenery of the Rosen Shingle Creek Resort and its impressive championship golf course. The first 300 participants to finish receive an official Dentsply Sirona World 2018 bottle blender. The fun run is an untimed event and open to runners and walkers of all ages and abilities.

If you’re looking for something more relaxing, some of the best yoga instructors in Orlando are leading a class for all skill levels at the outdoor terrace on Saturday, Sept. 15 at 7 a.m. Overlook the resort’s pools and golf course, as you get a modern twist on the traditional yoga class from YOGA MIX! Orlando. The first 300 attendees receive a free Dentsply Sirona World 2018 yoga mat, which will be handed out the morning of the event for use during the class.

Hosted at the Rosen Shingle Creek in Orlando from Sept. 13-15, Dentsply Sirona World truly offers an experience like no other in the dental field. Register now at or contact the Dentsply Sirona World hotline at 1-844-462-7476 or email