Your Cloud Dental Software Is Not a Backup
DDSArk Editorial
Is my cloud dental software the same as a backup?
No. Your cloud dental software is a service that runs your practice; a backup is an independent copy of your data that you can restore on your own. Those are different jobs, and confusing them is one of the most common and most expensive assumptions a dental practice makes.
When a vendor hosts your practice management system (PMS), they take on the infrastructure: servers, patching, network uptime, and keeping the application reachable. That is genuinely valuable. But "the application is up" and "I have a recoverable copy of every patient record" are not the same statement. The first is about availability. The second is about ownership and recovery.
What is the shared-responsibility model?
The shared-responsibility model is the principle that the cloud provider secures the platform while you stay responsible for the data you put on it. Almost every SaaS contract works this way. The provider promises the lights stay on. You are still the party accountable for the data surviving deletion, account compromise, and the day you decide to leave.
This matters because most dentists read "cloud" as "someone else handles backup." In practice, the vendor handles their own continuity, which is designed to bring the whole platform back after a disaster on their side. That is not the same as restoring the one chart your front desk deleted on Tuesday, or handing you a clean export when you switch software.
What does a hosted PMS protect, and what does it leave to me?
Here is the gap laid out plainly. A hosted PMS providing uptime and infrastructure is not the same as you holding an independent, restorable, exportable backup.
| Risk | Covered by your cloud PMS provider? | Your responsibility |
|---|---|---|
| Hardware failure of the provider's servers | Yes, this is what hosting is for | Confirm it in the contract, not assume it |
| Provider-side ransomware or major outage | Their continuity plan, on their timeline | An independent copy you can use while they recover |
| Accidental deletion by a staff member | Rarely, and often only within a short window | A restorable point-in-time copy you control |
| Malicious insider or compromised account | Generally no, the action looks authorized | Off-platform backup the bad actor cannot reach |
| Data export or portability if you leave the vendor | Varies, sometimes limited or fee-gated | Your own exportable copy in a usable format |
| Retention beyond the vendor's window | Only as long as their policy allows | Backups that meet your state's retention law |
| Point-in-time restore of a single record | Often not offered at all | A backup with granular, record-level recovery |
Look at the right-hand column. None of those are things a hosting provider's uptime guarantee solves. They are all about you holding a separate, independent copy.
Why one hosted service is a single point of failure
In February 2024, Change Healthcare, which processes roughly 40% of US medical and dental claims, was hit by ransomware. The disruption to claims ran for weeks. Practices that depended entirely on that one hosted pipeline could not get paid until it came back, and they had no parallel path of their own.
That is the structural lesson, not a one-off. When your data and your ability to operate both live inside a single hosted service, that service's worst day becomes your worst day, on their schedule. An independent backup does not prevent the vendor's outage. It does give you a copy of your records you can read, restore, and work from while the vendor recovers.
The threat climate makes this less theoretical every year. Healthcare ransomware rose roughly 58% in 2025, with dental and other secondary targets making up about 26% of incidents. And of the organizations that paid a ransom, only about 2% recovered all of their data. Paying is not a recovery plan. A backup is.
What does a real backup actually look like?
A real backup is a separate, restorable copy of your data that survives events the original system does not. In practice that means a few properties working together:
- Independent and off-site. Stored apart from the production cloud, so the same incident cannot take out both copies at once.
- Immutable, write-once. Once written, the copy cannot be altered or deleted within its retention window, which is what defeats ransomware and malicious insiders.
- Application-consistent and granular. Captured so the data is internally coherent, and recoverable down to a single record or point in time rather than all-or-nothing.
- Encrypted and HIPAA-aligned. Protected in transit and at rest, under a Business Associate Agreement with whoever holds it.
- Exportable. In a format you can actually use, including the day you change vendors.
DDSArk is built to be that independent third copy of your hosted dental data: it captures your practice data and stores it as an immutable, encrypted, off-site copy under a HIPAA BAA, managed for you. This is the gap between "the vendor keeps the service running" and "I can get my data back no matter what happens to the vendor."
A dental practice does not need to imagine the alternative outcome. True Dental Care in Pennsylvania was hit and restored from its backups rather than paying the attackers. That is the whole point of holding your own copy: it turns a catastrophe into an inconvenience.
So what should a practice do next?
Start by asking your PMS vendor three specific questions, in writing: Can you restore a single patient record from last Tuesday? Will you export my full dataset in a usable format if I leave? How long do you retain my data after an account closes? The answers tell you exactly how big your gap is.
Then close it with an independent backup that you control. If you are weighing whether a hosted backup can be compliant in the first place, read "Is Cloud Backup HIPAA Compliant?" And to size how long those copies need to live, see "How Long Must Dental Practices Keep Patient Records? State-by-State". Your cloud software runs your practice today. A backup makes sure you still have a practice to run tomorrow.
Key takeaways
- A hosted PMS sells you uptime and infrastructure, not an independent, restorable copy of your data.
- The shared-responsibility model means the vendor secures the platform while you remain responsible for the data inside it.
- Cloud software does not protect against staff deletion, account compromise, vendor lock-in, or the vendor's own outage.
- The Change Healthcare outage showed that depending on a single hosted service makes its worst day your worst day.
- A real backup is separate, immutable, off-site, encrypted, granular, and exportable, and you control it.
- Ask your vendor in writing about single-record restore, full export, and post-account retention to measure your gap.
Frequently asked questions
Doesn't my cloud PMS already back up my data?
It backs up its own platform for disaster recovery on its side, which is not the same as giving you an independent copy you can restore yourself. Under the shared-responsibility model, the vendor protects the service while you stay responsible for the data within it. It rarely covers a staff deletion, a compromised account, or a clean export when you leave.
If the cloud is so reliable, why do I need a separate backup?
Reliability of the platform does not protect the data inside it from human error, malicious accounts, or the vendor's own outage. The 2024 Change Healthcare event disrupted claims for weeks for practices that had no parallel copy. An independent backup lets you keep working from your own records while a hosted service recovers.
What makes a copy a real backup instead of just a second cloud login?
A real backup is independent and off-site, immutable so it cannot be altered or deleted within its retention window, application-consistent, encrypted under a HIPAA BAA, recoverable down to a single record, and exportable in a usable format. A second login into the same service shares the same fate as the first.
What should I ask my PMS vendor right now?
Ask three things in writing: can you restore a single patient record to a specific past date, will you export my full dataset in a usable format if I leave, and how long do you retain my data after I close the account? The answers reveal exactly which risks fall to you to cover with an independent backup.
Related reading
Is Cloud Backup HIPAA Compliant?
Cloud backup can be HIPAA compliant when a vendor signs a BAA and supports required safeguards, and the practice configures and uses it correctly.
How Long Must Dental Practices Keep Patient Records? State-by-State
HIPAA doesn't set how long dental records must be kept — your state does. Here's how retention works, why minors are special, and what it means for backups.