Protecting Your Practice, Data, and Dentrix System

Security and threats are always evolving, and we are constantly working to update our platforms to be more secure and to address new vulnerabilities. You recently received communications outlining the importance to use secure, approved integrations as part of this effort.   

When you installed the Vyne software on your machine, you granted access to your server and Dentrix instance, giving Vyne the ability to deploy hacking methods more easily. 

Vyne Dental has hacked Dentrix in ways that directly interfere with Dentrix’s core systems, creating serious workflow and billing problems. One example is with eTrans: 

Impact on eTrans: eTrans is Henry Schein One’s internal system that handles critical workflows like eligibility verification and patient billing. Vyne’s software steals user credentials, pretends to be an authorized Dentrix user, and changes the eTrans ID that routes these transactions. 

Immediate consequences: 

• Dentrix cannot route billing or eligibility data correctly. 
• Patient statements may bounce back as undeliverable. 
• Customers must repeatedly contact Henry Schein One Support to reset the ID — but the issue recurs if Vyne’s software is used again. 

Overall result: 

• Ongoing cycles of broken billing and frustrated staff. 
• Increased support volume and costs for all customers. 
• Preventable disruptions caused by unapproved and unsafe access. 

Henry Schein One is making important security enhancements to Dentrix, and we want to make sure you're informed. These updates may affect how certain third-party vendors interact with Dentrix—specifically those not using our approved API program.

We’re rolling out these changes in phases, so you may be hearing from us as part of that process. With a lot of discussion happening around these updates, we wanted to provide some background and help you understand what it means for your practice.

An API (Application Programming Interface) is a secure way for different software systems to share data. For example, it allows approved third-party software to safely pull information from Dentrix or send data back to it.

A simple example of an API you might recognize is the “Sign in with Google” option on websites or apps. When you click that, the site uses Google’s API to securely ask for your name and email, and Google sends back only the approved data — no passwords are shared. It’s a safe and controlled way to exchange information.

Similarly, using vendors approved through the Henry Schein One API Exchange helps keep your data secure as it moves between Dentrix and other systems. While we can’t control how third parties store data, we do everything we can to protect how it gets there.

If data is shared outside of a secure API, it’s more vulnerable to attacks. Healthcare practices are especially at risk because they handle sensitive patient information.

Start by checking if your vendor is on our approved list linked here.

If they’re not listed, ask them to join.  Vendors can start the process of joining our API using this link.

If we find an unauthorized connection to your Dentrix system, you’ll get several emails and a call from the Henry Schein One team. We’ll guide you through your options before anything changes in your workflow.

These updates are being rolled out in phases, so not all customers will be affected at the same time. We’re doing this to make sure each customer gets the help they need.

These security enhancements apply to any third-party vendor that accesses Dentrix in an unauthorized way.

We’re always working to strengthen Dentrix security. That includes eliminating methods some vendors use to bypass our secure API. These workarounds can put your patient data at risk and disrupt other Dentrix services, so we’re taking steps to stop them and protect your practice.

Yes, these security enhancements will not restrict you from using another claims provider but will not permit you to use processes that rely on unauthorized integrations.  

This means that some processes with third party vendors will no longer be automated and may need to be done manually. You’ll need to work directly with your vendor to adjust your workflow.

If you’re unsure how this might affect your day-to-day operations, your Customer Support Manager is here to help. Please don’t hesitate to reach out.

Many customers have noticed significant improvements with Dentrix eClaims in recent years — especially in speed, efficiency, and ease of use.

Here’s what a few of them had to say:

“Dentrix eClaims is so much faster and better than Vyne.... I converted [my current office] when I started and the results have been amazing!... It’s greatly improved. Most of the time the x-rays attach without us even going into the claim. It’s such a great program now. So much easier than Vyne. People will say they save money with Vyne but with the ease and efficiency of eClaims, we save money just by not spending hours submitting claims that need attachments. What used to take us hours to bill takes minutes and payments return faster because it is sent correctly the first time.”

Another customer shared: 

“We also use the ERA quick posting so primary EOB’s automatically attach to the secondary claim along with any x-rays, narratives, perio charts, basically anything attached to the primary transfers to the secondary without doing a thing except posting the primary payment and requesting the secondary claim. It’s so easy and saves so much time.”

There are other options available to submit claims. You can use Dentrix eClaims or EDS to submit claims, or you can submit directly to a clearinghouse or a payer. For our up-to-date list of approved API Exchange vendors visit this page.

No – if your claims provider is affected by the security enhancements you can continue to use them in a more manual manner, or you can use one of the vendors listed above instead. If you choose to switch vendors, we will work with you to ensure no gap in claims processing while you are switching. 

Not at all. Our goal is to give you choice — while protecting your practice and patient data.

We understand how important compliance with the Cures Act is, and while it doesn’t directly apply to HSOne as we are not a certified IT provider, we believe in open access and secure interoperability. That’s why we built the Henry Schein One API Exchange: a platform that connects Dentrix with over 140 third-party vendors who meet strict security standards. You’re not limited to just our services — you can choose from a wide range of approved partners, and more are joining all the time.

With over 750 API endpoints, our Exchange is one of the most open and flexible programs in the dental industry. We're focused on helping your office run smoothly and securely, so you can spend less time managing software and more time with patients.

If your vendor has not joined our API Exchange, ask them to join. Vendors can start the process of joining our API Exchange using this link. If your vendor does not want to join our program, you can continue using them but this means that some processes with such vendors will no longer be automated once we release the security updates and may need to be done manually.

Henry Schein One has always cared about security, but with increasing cyber threats—like the recent Change Healthcare breach—it’s more important than ever to be extra careful.

Small practices are real targets for hackers, and a cyber attack can cause serious damage. That’s why we’re focusing on making sure all integrations are safe and secure to protect your practice and patient data.

The Henry Schein One API program is focused on security, accountability, and making sure partners handle patient data safely.

Henry Schein One invests a lot to build and maintain a secure API program. Vendors pay a fee to help cover these costs, which is common practice in the software industry for API access.

But paying fees isn’t the only requirement. Vendors must also meet strict security standards and agree to access Dentrix data only through the secure API.

No. Dental practices do not pay to use the API unless they are developing their own software application. Only those building apps—such as third-party vendors or practices creating custom solutions—are required to pay for API access. Simply using an app that connects to Dentrix does not require a practice to pay Henry Schein One for the API.

No. DentalXChange is an independent company with independent management. Henry Schein One has a commercial relationship with DentalXChange, but neither Henry Schein nor Henry Schein One have any ownership relationship with them.  

DentalXChange recently announced that KKR, a leading global investment firm, made a strategic investment in the company. Based on KKR’s website, it has over 225 portfolio companies and over $166 billion in invested capital. Henry Schein, the majority stakeholder of Henry Schein One, also recently announced that KKR made a strategic investment and is now an equity owner of approximately 12% of Henry Schein. While KKR is an investor in Henry Schein, they do not manage or make day-to-day decisions for our business. Henry Schein One is independently managed and operated.

At Henry Schein One, we continuously monitor, evaluate, and enhance the security of all our practice management platforms, including legacy systems like Perio Vision. Because threats are never static, our commitment to safeguarding your data and workflows is constant.

We will enforce security and reliability across all systems and collaborate with third-party vendors to ensure secure integrations with minimal disruption. If security enforcement is required, practices will be notified by the Henry Schein One team to guide them through options before any workflow changes.