Last December, a front desk coordinator at a Salt Lake City dental office received a text from their “doctor” asking her to run out and grab $2,000 worth of Apple gift cards as a holiday gift for referring specialists. A little odd? Sure. But it was the week before Christmas, the phones were ringing nonstop, and the message came from a number she didn’t recognize—but it was signed with the doctor’s name. By the time she realized it was a scam, the codes had been sent, and the money was long gone.
That scenario may feel like a small loss, but a single holiday-season scam can do far worse damage. Around the same time, a national dental group with a handful of clinics in the Mountain West became the target of a more sophisticated cyberattack. A back-office team member received emails from a "vendor" asking to update their banking details for end-of-year ACH payments. The emails looked legit—same language, same email signature—and they were busy with insurance reconciliations and closing December books. The result? Over $300,000 wired directly into a criminal account.
Think this only happens to big hospitals or massive DSOs? Think again. Dental offices are among the top targets for cybercriminals because of the value of patient data and the chaos of year-end operations. In 2024 alone, business email compromise (BEC) attacks accounted for 73% of cyber incidents. And yes, that includes small-to-midsize practices right here in Salt Lake City.
5 Holiday Scams Your Dental Team Needs To Watch Out For
- "Your Doctor Needs Gift Cards"
The Scam: Bad actors pose as the dentist or office manager via text or email, requesting gift cards for team gifts, holiday raffles, or thank-yous to referrals. This is one of the most common BEC tactics used against dental practices during Q4.
Prevention Tip: Create a written office policy stating that all gift card purchases require verbal confirmation from two team members—no exceptions. And make it crystal clear: your doctor will never ask for gift cards via text.
- Fake Vendor Payment Changes
The Scam: A cybercriminal hacks or spoofs a vendor’s email account to send "updated banking info" right before end-of-year payments are due. These often involve lab services, supply reps, or tech vendors.
Prevention Tip: Establish a "Call-to-Confirm" rule: Any time a vendor requests a change to payment or bank info, call the contact on file—not the number in the email—before processing any payments.
- Bogus Shipping Notifications
The Scam: Phishing emails or texts that look like they’re from FedEx, UPS, or USPS, claiming there's a holiday delivery delay or missed package.
Prevention Tip: Remind your team never to click on shipment links from unsolicited texts or emails. Instead, use direct bookmarks to carriers' official tracking pages.
- Malware in "Holiday Party" Files
The Scam: Emails with attachments labeled "Holiday_Party_Schedule.pdf" or "Secret_Santa_List.xls" that carry malicious code, often disguised as Word or Excel documents.
Prevention Tip: Set up your email security to auto-scan all attachments. Train staff to verify unexpected holiday-related attachments with the sender before opening.
- Fake Charity Drives
The Scam: Fraudsters set up phony donation pages or impersonate real charities, sometimes posing as part of a "company match" initiative.
Prevention Tip: Give your team a list of vetted local and national charities. Any donations should be made via secure platforms, not links sent in emails.
Why These Scams Work (And Why Dental Offices Are Prime Targets)
Your practice runs on fast-moving communication, cloud-based systems, and email-heavy workflows. That means your staff is navigating patient check-ins, billing, scheduling, and vendor requests—all through digital platforms. Cybercriminals know this. And during the holiday season, with schedules packed and staff attention stretched thin, their timing is perfect.
Let’s be clear: These aren’t amateur scams. They’re highly researched, professionally written, and tailored to look exactly like your vendors, referral partners, and even your own office manager.
The best defense? Awareness training and technical safeguards that work behind the scenes without bogging down your day.
Your Dental Cybersecurity Holiday Checklist
Before the December madness hits full speed, every Salt Lake City dental office should:
- Require Dual Verification for Payments: Especially for wire transfers or vendor payments over $1,000.
- Lock Down Gift Card Purchases: Put a policy in writing. No verbal policy = no protection.
- Call to Confirm Vendor Banking Changes: Never rely on email instructions alone.
- Enable Multi-Factor Authentication (MFA): On all email, billing, and cloud-based dental systems.
- Train Your Team: Hold a 30-minute lunch-and-learn to walk through these top five scams.
What’s Really at Stake (Beyond the Money)
Yes, financial loss hurts—but a cybersecurity incident during the holidays can do more than just drain your bank account:
- Practice shutdowns during peak insurance billing season
- Loss of trust with patients if their PHI is compromised
- HIPAA violations that lead to audits or fines
- Stress on your team, especially if they feel responsible for clicking the wrong link
The average cost of a business email compromise incident is now over $129,000. For dental practices, it’s not just about the money—it’s about downtime, chaos, and the long-term hit to your reputation.
Stay Secure This Holiday Season
The holidays should be about celebrating your practice's wins, not cleaning up IT messes. With a few proactive policies, some basic cybersecurity hygiene, and a trusted IT partner who understands the unique needs of dental offices, you can keep your systems safe without losing sleep.
At Qual IT, we specialize in managed IT services for dental practices right here in Salt Lake City. From HIPAA-compliant data security to vendor communication protocols, we make sure your systems "just work."
Click here to book your free network assessment and let’s make sure you enter the new year protected, confident, and stress-free.
Because the best gift you can give your dental practice this season is peace of mind.
