Chris (00:03.88)
Okay, here we go. All right, everyone, welcome back to the show. Today we’ve got a heavyweight in the dental technology world. Daniel De Steno is the president and founder of Nova Computer Solutions, one of the top dental focused IT and cybersecurity firms in the country. He’s been in the game for over 25 years. He’s a longstanding member of the Dental Integrators Association.
And if you talk to anyone in the dental industry about IT, Daniel’s name is probably going to come up pretty quickly. Now his team works exclusively with dental practices and DSOs, helping them eliminate downtime, tighten up cybersecurity and build IT systems that actually support growth instead of slowing it down, which is always great. So if you’ve ever dealt with tech chaos, random outages, or a kind of constant fear of a cyber attack,
hitting your practice, this is the guy you want in your corner. Daniel, thanks for being here.
Dan De Steno (01:07.188)
Thanks for having me, Chris.
Chris (01:09.142)
Of course. Well, let’s jump right in. Why don’t you tell me about the number one mistake that you think dentists make in their practice right now.
Dan De Steno (01:18.611)
Chris, I would probably say the number one thing we hear or the mistake that we hear the most is just a small dental practice. Nothing’s going to happen to me. And that mindset, and that could be from anything from compliance to cybersecurity to ensuring that your backup is running correctly.
Chris (01:29.198)
Hmm.
Dan De Steno (01:46.694)
We hear that, unfortunately, more often than what we really should.
Chris (01:51.808)
Yeah, I think that’s a really important factor, especially when we’re talking about HIPAA related stuff. And we’ll get to that more in a second. But what specific cyber threats are hitting offices the most right now?
Dan De Steno (02:06.413)
You know, what I would say when we talk to practices, we’re talking about the education of their team because it really doesn’t matter what’s attacking right now. If your team knows what to look for on the standard cybersecurity items, that’s going to exponentially protect the practice and provide more cyber resilience to the practice.
If I can give a bit of an example from that, if your team knows what to look for or even has some of the standard email tools that can verify that the Citibank email, a wire transfer that you just received was actually from Citibank and not from a Gmail address. If your team knows to do that and you’ve provided them the tools to be able to do that, they’re that first line of
defense of keeping all of those evil things coming into your office. So if I would say anything, absolutely. Making sure that your team is educated, that is working on those computers on a daily and consistent basis so that they know what to look for and what not to click on.
Chris (03:25.846)
Yeah, yeah, we had something similar like that actually here in our agency. It’s, you know, there’s so many different kinds of phishing scams and, you know, they started sending emails, for instance, from me, to employees asking them to go get gift cards and stuff. It was kind of crazy, but, and we’re a very small business. So, you know, I think that these attackers are just
kind of, you know, they know they can make quick bucks maybe even off smaller practices or smaller companies too. Would you agree with that?
Dan De Steno (03:58.007)
Absolutely. The mindset that we’re just a small practice, that means that you’re an easy target in the reality of things unless you’re acting like you’re a bigger practice or not even acting like it. You’re just putting the required items for HIPAA compliance in place. As murky as the HITECH Act or the Omnibus law and what is…
Chris (04:04.61)
Yeah.
Chris (04:16.482)
Yeah.
Dan De Steno (04:27.737)
what’s compliant, what’s not compliant, it isn’t really clear to the average dentist. And besides that, there’s technology on top of that, which might be even more of a challenge. Making sure that you are complying and using some best practices, talking with a good IT company, an MSP or an MSSP, that can give you some good guidance, I think is really critical, regardless of the size of the practice.
Chris (04:33.174)
Right. That’s yeah.
Chris (04:55.052)
Yeah. Do you feel as though that there’s an increased, like for instance, dental practices or healthcare is being attacked more maybe than just regular small businesses or is it just kind of equal share?
Dan De Steno (05:08.921)
That’s a great question. And I would say that dental practices, medical practices are a more prime target because of the value of a complete medical and dental record. So if I can put together Dan De Steno’s dental record from his dentist, and then I was able to somehow exfiltrate Dan De Steno’s medical record, now I have all this information. That is a much, much more valuable
a piece of data to sell on that black market because it’s a complete record. It’s been, it’s been a, it’s probably been about a year. The last time that I saw the value of a complete medical and dental record on the dark web was somewhere between 650 and $750. So there is a lot of each, you know, imagine a dental practice that has 4,000 patients.
Chris (05:58.76)
Each. Wow.
Dan De Steno (06:05.827)
You know, imagine your big hospitals or even your smaller clinics that have thousands and thousands of patients. There’s a lot of value in that data because it’s not just your medical, it’s your social security, it’s your insurance information, it’s your address, very well may be credit card information or some other ACH information. So there’s just a lot of value where you’re not necessarily going to get that same information in your target account or your, you know,
Chris (06:32.877)
Yeah.
Dan De Steno (06:35.063)
not to try and pick on target or anything, just something more consumer.
Chris (06:36.792)
Hahaha!
Chris (06:40.684)
Yeah, yeah. No, that totally makes sense. Cause if you’re going to order a pizza, you know, you’re not going to have pretty limited information. But your healthcare records are going to be much more detailed. So it totally makes sense to me. Let’s talk a little bit about HIPAA cause you know, we, we have to comply with HIPAA stuff too on the marketing side of things, just because you know, any, you know, any sort of information regarding patients, really needs to be protected. But what
What should practices actually be doing, would you suggest, for HIPAA compliance regarding just IT in general?
Dan De Steno (07:17.907)
A lot of the low hanging fruit. So I was on a discovery call this morning with a practice, an endodontist that doesn’t send any patient health information in a secure and encrypted way. Their team doesn’t have individual usernames and passwords on the computers. Still running Windows 10 computers without any sort of extended security update.
even though Windows 10 died here in October. And so those are the things that we’re seeing that can get a practice into trouble very, very quickly. And at the end of the day, if OCR, the Office of Civil Rights comes in and does an investigation and it’s all of this low hanging fruit type of items.
they’re going to have findings. They’re going to put you in some sort of a remediation plan and/or fine the practice. And what we see is we see a lot of that from disgruntled employees or disgruntled patients that have a little bit of awareness and going to that practice that it’s a small practice in their mindset is, it’s never gonna happen to us. Well, there’s two sides of that compliance. There’s the evil on the other side.
Chris (08:19.534)
Yeah.
Chris (08:28.632)
Yeah.
Dan De Steno (08:41.369)
And then there’s the legal requirement that you have because you have care custody and control of patient health information. So there’s two sides of that.
Chris (08:49.559)
Right.
Chris (08:53.676)
Yeah, interesting. Yeah, you know, I’ve always heard, maybe you know this, I don’t know, but I’ve always heard that if somebody files even a question or a complaint with them, they have to investigate at least a preliminary investigation. Is that true? Have you heard that?
Dan De Steno (09:12.969)
I haven’t heard specifically that, but I did, I guess it’s been about a year that Health and Human Services and OCR announced that they are doing more and more investigations. I think it’s fair to say that during the years of COVID, our government gave out a lot of money to keep companies and businesses alive.
Chris (09:29.699)
Yeah.
Chris (09:38.317)
Yeah.
Dan De Steno (09:41.602)
We only generate revenue through taxes and fines. And so I think there’s the other side of this is we need to start to generate some of that revenue that we gave away so many years ago to help sustain, know, to help us sustain our economy. I think it was probably a good thing. It certainly helped the economy, but I do anticipate seeing more and more investigations in fines and penalties as time goes on because…
the odds are that there are only going to be increased breaches in situations like this.
Chris (10:15.778)
Yeah, in your experience, let’s say you do get audited. I don’t even know if audit’s the right word, but maybe so. How can practices prepare for that? And is there anything that can be prepared for?
Dan De Steno (10:28.473)
You know,
practices really should just do their best. Even in a scenario where I mentioned just a few moments ago that Windows 10 had its end of life with Microsoft back in October. And so it is no longer a HIPAA-compliant operating system unless you have the Microsoft Extended Security updates running on that computer. And so in a scenario like that where you have the ability to extend that life and to be compliant,
and let’s say you chose not to, that’s a situation where I think they’re going to be less likely to just give you a slap on the wrist when you’re knowingly not doing the things that you should be doing from this and doing the best you can. You can’t ignore these requirements and come out of this okay.
But if you have a plan, let’s say you have 25 Windows 10 computers, you can’t replace those right now, but you have a year long plan where we’ve written out that we’re gonna replace two computers a month over the next 10 months or whatever it might be, that’s good enough because Health and Human Services doesn’t expect you to have $30,000 to replace those 25 computers. So as long as you’re taking the right steps in trying to do the right thing,
Chris (11:34.734)
Yeah.
Chris (11:39.512)
Yeah.
Dan De Steno (11:58.082)
I don’t see the hammer coming down on anybody that’s trying. We’re all reasonable. And there are so many practices that strive to be 100% compliant, but that sometimes and not in all situations can be achieved.
Chris (12:14.124)
Yeah, I mean, what is 100% compliance? Do you feel as though there is some gray area and some things left for interpretation?
Dan De Steno (12:22.073)
You know, I do, there’s anything from the physical security compliance to the logical side, the cyber side. There are so many areas that if you’re trying to do your best, I think that’s enough. It’s the folks that are saying, just go ahead and Gmail their x-rays, their chart information.
Chris (12:47.0)
Yeah.
Dan De Steno (12:50.787)
Those are the folks that, that, you know, that’s, that’s who should be investigated and should be, you know, put on a corrective action so that they’re protecting their patient data. Cause that’s what this is all about. It’s not the practice. It’s the patient data, which ultimately is the practice in a lot of situations. If there is a breach, you, you have all that, that patient attrition after a data breach. And is that practice sustainable? Because you know,
you found out that your practice was breached and the practice has to go into a remediation plan and all the costs associated with that, especially if you don’t have insurance.
Chris (13:30.508)
Yeah, exactly. So this is a loaded question. So I know you probably can’t get too detailed here. But what does a modern, properly set up dental network look like?
Dan De Steno (13:44.298)
That’s a great question. And I’m going to use a bit of an analogy for you. Think of cyber resilience as a big red or yellow Vidalia onion. You have that big onion in front of you on the cutting board and you cut it in half. And you turn it and you look at it, the center of it.
And you see ring after ring after ring all the way down into the center, that center portion of the the onion. Are you with me so far? Think of cyber resilience as each one of those rings. So the outside ring, maybe that’s your network security appliance. Then individual usernames and passwords is another ring. Employee cybersecurity training is another ring.
Chris (14:18.605)
Yeah.
Dan De Steno (14:36.939)
An MDR solution, which is a managed detection and response software is one and XDR is another all the way down into that center. So if you have an onion and that onion is your practice and a threat actor comes in and attacks it and whacks it with a knife, it may cut in a couple of layers, but it’s not going to go all the way through because you have all different layers of resilience to protect your
ultimately your data and your network.
Chris (15:08.918)
Yeah, that’s a good analogy.
Yeah, I think that makes a lot of sense. I just know how sometimes healthcare providers can be with marketing. I just hope that this IT and security threat is real. And there are ramifications to it. But beyond that, you’ve got to really be responsible with patient records and doing what’s the right things. And I think if you’re trying to plan for this,
you know, like for instance, let’s say you go from one practice to another. What are some of the common pitfalls when people try to maybe expand too quickly?
Dan De Steno (15:54.336)
Wow. We can go at that from a number of different ways. I would probably say from any practice that is going from a single site to a multi, is that more than, is that? I think your processes are a number one. If you don’t have a solid hold of your processes and how you engage a patient from them just coming to your website all the way through.
Chris (16:04.226)
Yeah, exactly.
Dan De Steno (16:22.457)
post-care and re-engagement for whatever feedback solution or referral request you’re asking of that patient. If you don’t have those processes in place, you’re setting yourself up for a challenging expansion from that standpoint. That would be my first and foremost. Then the second thing for more of a technical side is
Chris (16:44.045)
Yeah.
Dan De Steno (16:51.031)
making sure that you have those standards. You’ve decided that your XYZ practice management software is going to scale with us as large as we plan on growing. And our imaging solution, and then talking about, will there be cross pollination of patients between these practices and will we need to access the data at all of them? And what does that look like? And how large do you want to scale? And so working with
individual four-computer practices or working with DSOs and multi-site practices, it’s really, there’s different things that you need to look at at different stages, in that maturity, operational maturity of the practice. But certainly the processes and standardization, I don’t think you’re going to be as successful as you can be without those.
Chris (17:37.9)
Yeah.
Chris (17:47.084)
Yeah, I agree. How often do you think practices should look at upgrading things like servers, computers, imaging equipment, things like that?
Dan De Steno (17:56.122)
That’s an excellent question. A question that we get quite often. My recommendation is a computer should have a three to five year lifespan in a practice. And a server is different. But a computer, your biggest and most robust computer should be in your operatories. They’re the computers that we’re asking to do voice activated charting.
Chris (18:19.374)
Hmm.
Dan De Steno (18:24.011)
intraoral images, extraoral images, x-rays, chart notes, forward probes. We have all these additional ancillary or auxiliary items plugged into it, so they need to be the biggest and most robust. And we recommend those stay in an operatory for three years. From there, those transfer, maybe you have an assistant that helps with treatment plans and is doing some imaging.
maybe you need a good computer in your consultation room, your office manager. And so the computer moves from the operatory to another critical area to the last spot in the office, like the team lounge where the schedule just sits up all day. And then out the door at about that five year mark. Because we have to remember that our software is five years newer than the hardware that you’re asking it to run on. And so to…
Chris (19:21.003)
Exactly.
Dan De Steno (19:24.117)
you know, make sure that we’re utilizing the efficiencies that the software has improved with. You need to do that from a hardware standpoint as well. Servers, you should be able to get about six years out of a server without any real issue. You know, ensuring that you’re planning for that and looking at the age of your computers on a consistent basis and in planning your outages.
or your refresh as opposed to having an unplanned outage or refresh is always a better solution. So looking at being a bit more proactive with the age of your computers will save you problems in downtime and maybe even lost production dollars.
Chris (20:09.206)
Yeah, I think that’s good. I’m going to wrap up here in a minute, but obviously all the buzz now is AI and how it’s affecting not just dental practices, but all businesses. How do you think AI and cloud-based PMS systems, which aren’t as new, how do you think these things and these new technologies will change practice tech over the next five years?
Dan De Steno (20:35.541)
It’s going to be really, I think it’s going to be really incredible. You know, AI isn’t just out in Silicon Valley anymore. It’s literally in your intraoral scanners now. It’s helping dentists detect caries, analyze x-rays or radiographs. They even watched a video of a solution that has predictive patient behavior and scheduling where
Chris (20:46.209)
Mm-hmm.
Chris (21:01.944)
Thanks.
Dan De Steno (21:02.553)
It’s analyzing your schedule and where you have openings on a consistent basis and trying to move patients into those to fill that schedule. So I think we’re just scratching the surface from that standpoint. But I also think that dental practices are a little bit slower to adopt. We do work with some medical practices and the technology is a lot lighter.
Chris (21:24.686)
Yeah.
Dan De Steno (21:31.993)
but they’re not doing anywhere near as much as a dentist is. Whether you’re an endodontist and you have a microscope tied into it or you’re an oral surgeon and you have your vitals monitors tied into your practice management software, there’s a lot more that the dental side asks. And I think there’s a slower adoption because there’s so many variables where medical seems to move a little bit quicker.
Chris (21:35.543)
Right.
Chris (21:57.366)
Yeah, yeah, I see that too. OK, well, are there any, I mean, in your side of it, are you consulting businesses or practices right now to do any specific upgrades for AI or is it just kind of wait and see at this moment?
Dan De Steno (22:15.455)
It’s the, what we’re doing more on is probably more on the imaging side right now, where we want to implement an AI solution or some sort of a CAD/CAM scanner and the devices that we don’t, that we have don’t have the six or eight gig video cards that we need to render those images. So that’s probably where we’re seeing more of the AI push from a, a dental side of the house.
Chris (22:21.708)
Okay.
Dan De Steno (22:44.675)
But I’m sure there’s going to be more from scheduling assistants, call takers to AI, everything is coming. But you think it’ll just be a little bit slower in the dental, which I think is also a good thing.
Chris (22:53.927)
Yeah.
Yeah. Yeah, I think so too. Yeah. We’ve seen on the marketing side actually some AI solutions that are coming out and we’ve dabbled with them like, you know, these voice AI agents and you know, all this stuff and some of them aren’t working that great yet because I think, you know, medical health care in general, sometimes people want to talk to a live person. They don’t necessarily want to talk with a, you know, a bot about health care and you know, what they should do or what they shouldn’t do. So
You know, I think there, you know, if you’re ordering a pizza or something, who cares if it’s AI, but you know, healthcare related, there’s people still want to talk to a human as well. So I think that’ll be an important angle for awhile.
Dan De Steno (23:36.73)
It’s the bot’s not going to give you the sense of comfort or the sense of relief. Okay. I have the appointment or the doctor is going to call it. The bot isn’t going to give that human sense that you need when we’re talking about healthcare and dental things, because these are very personal. They’re, I don’t know, your daughter’s chipped her tooth and you’re so concerned. You need that personal touch that they’re going to get it taken care of.
and I’ll take care of it myself. It’s important.
Chris (24:06.348)
Yep. Yep. Yep. Totally agree. Daniel, how could somebody listening that’s like, gosh, this describes me as the person not doing anything about any of this. I bet you there’s quite a few. How can they get a hold of you? Maybe check you out more. I know you’ve got a website out there. What’s the best way to reach out to you guys to maybe ask some questions and see if they might be a good fit for you?
Dan De Steno (24:29.315)
You know, I appreciate you asking. Our website is A number one, right on there. www.nothecomputersolutions.com. I’m sure we have it here. We have humans there that are there to chat with you and grab some information. And then we would set up a discovery call and learn about the organization and the challenges that they’re having.
Chris (24:42.35)
you
Chris (24:52.29)
Yeah, awesome. Well, Daniel, that was that was fantastic. Seriously, I mean, every practice needs to hear this stuff and actually take action on it. But technology is really the backbone of a modern dental practice. And, you know, the risks are only getting bigger when you start implementing some of this stuff. So what you covered today, I think, is exactly what a lot of practices are missing. You know, because, you know, things will go wrong and you don’t you always want to be protected or is what you talked about.
at least have a plan to be protected that you can show somebody in case they come knocking. So I appreciate your time today. I’d love to maybe, you know, check back with you in a few months and cause this is going to be rapidly changing, maybe get some updates and just kind of see which way you think the industry is going. If that works for you.
Dan De Steno (25:38.669)
That would be wonderful. I appreciate the opportunity, Chris. This was great. Thank you.
Chris (25:41.546)
Awesome. Awesome. Well, for everyone listening, go and check out Nova Computer Solutions. If you want your IT to actually work, stay secure and stop disrupting your day or maybe your sleepless nights. Daniel and his team are the real deal for sure. So thanks again for joining us today, Daniel, and to everyone tuning in, we’ll catch you on the next episode.