The 23andMe Data Breach – A Wake-Up Call for Dental Practices in Cybersecurity


Raise your hand if you reuse any passwords on multiple online accounts.
Despite the increase in cyber attacks, 85% of people still reuse passwords across multiple sites, putting their security at risk.
Bitwarden – 3rd Annual Password Management Study 2023
Understanding the simple mistake that puts 6.9 million people at risk.
In October 2023, the genetic testing company 23andMe experienced a significant data breach, impacting 6.9 million individuals.
Surprisingly, this breach was not due to a failure in their internal systems but the result of credential stuffing, an attack that works simply because many people still reuse passwords.
Hackers used stolen login information from other sources to access 23andMe accounts, demonstrating a growing threat in cybersecurity.
When login credentials are compromised on one online account, bad guys know they can use these credentials on other accounts because reuse across online accounts is so common.
Why Is This Relevant to Dental Practices?
So what does this have to do with dental practices? While 23andMe is not a dental practice, the lessons from this breach are highly pertinent. Dental practices, like any other organization that handles sensitive data, are vulnerable to similar attacks because many employees are still reusing passwords. Human error accounts for most successful cyber attacks.
The simplicity of the attack method – using known usernames and passwords – is a stark reminder of the importance of basic cybersecurity measures and strong policies.
The Importance of Simple Training and Password Management
- Educating Your Team: Annual cybersecurity awareness training is important for privacy compliance, but it can also save your practice. Your team should understand the risks of credential stuffing and the importance of using unique, strong passwords for each account.
- Implementing Strong Password Policies: Encourage the use of complex passwords and regular password changes. Tools like password managers can aid in creating and storing strong passwords, reducing the risk of using repeated or simple passwords.
- Multi-Factor Authentication (MFA): Following the breach, 23andMe enforced MFA for all users. Dental practices should also consider implementing MFA. This adds an extra layer of security, making it more difficult for unauthorized users to gain access even if they have the password, because logging in also requires a code from a text, email, or authenticator app.
- Regular Security Audits: Conduct regular audits of your cybersecurity practices. This includes checking for outdated software, ensuring that firewalls and antivirus programs are up to date, and training staff on the latest cybersecurity threats.
- Creating a Culture of Security Awareness: Make cybersecurity a part of your practice’s culture. Regularly discuss the importance of security, share updates on new threats, and encourage a proactive approach to cybersecurity.
One Simple Change – Big Impact
The 23andMe data breach is a stark reminder of the importance of basic cybersecurity practices. In the dental industry, where patient data is both sensitive and valuable, it’s crucial to prioritize cybersecurity. Simple measures like effective training, strong password policies, and the use of MFA can significantly reduce the risk of a data breach.
Remember, cybersecurity is not just about technology; it’s about creating a culture of awareness and vigilance.
While you’re here, read this critical alert about Microsoft and Google Scams: https://myla.training/general/microsoft-scams-dental-practice-alert/
Together we can make dentistry safer online.
Stay Safe – Get Training From Canada’s Dental Cybersecurity Experts
If you haven’t already, take the Cybersecurity Essentials for Dental Teams course to ensure you have the skills and confidence to navigate safely online to protect patient and personal data.

Anne Genge, Certified Information Privacy Professional, Certified Healthcare Cybersecurity Professional, Certified Healthcare Security Risk Assessment Specialist
Anne is the founder of Myla Training Co., Canada’s first-ever online privacy and cybersecurity training platform for dental professionals. With over two decades of experience, Anne has become a leading expert and trainer in this field. Anne collaborates closely with practice owners, managers, dental teams, and IT providers to ensure the safety of patients and practice data while enabling compliance with privacy regulations.
Anne can be reached at anne@myla.training or call 877-363-9229 x702
