In February 2025, Absolute Dental disclosed a breach affecting more than 1.2 million individuals. According to publicly available reports, attackers exploited a malicious version of a troubleshooting tool that was used by their MSP. There is no indication that the MSP acted with malicious intent. Instead, this was an example of how even well-meaning actions can create pathways for compromise.
This event reflects a broader trend: attackers increasingly target the everyday tools of system administrators (e.g. PuTTY, WinSCP, WinRAR, and even open-source components such as XZ Utils) because compromise at this level can yield broad access.
At CorpInfoTech, we regularly review incident data and threat intelligence to refine our own practices. We use those lessons to evolve our systems design, training, and procedures, which are certified under CREST (CIS) and CMMC by a C3PAO. Here are some of the practices we subscribe to, which are intended to safeguard against attacks of a similar nature.
Ten Lessons from the Absolute Dental Incident
In February 2025, Absolute Dental, a sizeable dental services network, detected anomalous activity across its IT systems. Investigations revealed that between 19 February and 5 March, threat actors exploited a malicious version of a seemingly legitimate troubleshooting tool, delivered via an MSP account, to infiltrate its network. According to publicly available disclosures, the MSP’s actions were well-intentioned, and there is no evidence to suggest that the MSP acted with malicious intent. Nevertheless, the incident precipitated a breach affecting over 1.2 million individuals, exposing highly sensitive information such as Social Security numbers, diagnoses, treatment details, financial data, and insurance information.
It is important to emphasize that this analysis draws exclusively upon information published in breach notifications, news reports, and legal filings. The purpose here is not to cast aspersions on any organization, but rather to extract lessons for the wider business and security community.
This breach underscores a disquieting truth: even well-meaning MSPs can inadvertently facilitate intrusion; the trust inherent in such engagements can be weaponized by threat actors. One must ask, “Do you need to protect yourself from your MSP?”
A particularly insidious evolution in threat actor tactics has emerged. Increasingly, attackers target system administrator tools. These are the utilities relied upon for legitimate maintenance and troubleshooting, yet they are manipulated as vehicles for compromise.
These campaigns reflect a troubling reality. The everyday, trusted tools relied upon by administrators can be transformed into conduits for advanced, stealthy infiltration. Threat actors recognize that if they can compromise the very tools administrators use to maintain and secure systems, they can subvert defenses with alarming efficiency.
At CorpInfoTech, we do not merely mitigate risk; we anticipate it. We have long adopted CIS Controls at Implementation Group 3, complemented by stringent maintenance governance aligned with CMMC’s Maintenance (MA) domain under NIST SP 800-171. These frameworks fortify our posture without detriment to trust in our MSP operations.
CIS Controls IG3 enjoin us to execute continuous, layered protections; to monitor service-provider interactions; to assess supply-chain risks; and to detect deviations in real time. We supplement this with our operational capabilities within CMMC-regulated environments, using NIST 800-171 Rev 2 controls, specifically the MA domain of CMMC/NIST 800-171. This domain emphasizes controlled, documented remote maintenance, tool integrity, access governance, and persistent audit logging. These safeguards are directly relevant when MSPs perform remote troubleshooting or updates. With the collective controls implemented under these aligned methodologies, we mitigate risks posed by credible yet fallible MSP procedures.
The incident at Absolute Dental, considered together with the broader strategic targeting of administrative tools, articulates a vital lesson: trust is necessary, but it is insufficient. It is incumbent upon organizations to establish transparent, auditable, and resilient governance around MSP engagements and routine administrative workflows.
By aligning with CIS IG3 and the MA domain of CMMC/NIST 800-171, we demonstrate that resilience is not reactive but anticipatory; that oversight is transparent yet non-disruptive; and that administrative efficacy need not compromise security.
The question is not whether you should trust your MSP. The question is whether you have designed your systems to verify that trust, every single time. At CorpInfoTech, we move beyond the notion of outsourcing by embedding resilience into the very core of our managed services. The strength of our model does not derive from proprietary frameworks, but from the deliberate alignment of our services, systems design, training, and operational procedures with trusted and externally validated standards. Our practices are certified under CREST (CIS) and CMMC by a C3PAO; this independent certification ensures that our methods are not only effective but also measured against rigorous and widely recognized benchmarks.
This alignment is one of the many ways in which we differentiate ourselves. What distinguishes CorpInfoTech is not a single safeguard or policy, but rather the cumulative effect of disciplined measures, stringent change control, cryptographic validation, rigorous training, and transparent oversight. Each measure in isolation may appear incremental; taken together, they produce a resilient, auditable, and client-focused approach to Managed IT services. These subtle differences provide our clients with confidence that their MSP is not merely solving problems as they arise but anticipating risks and minimizing the likelihood that they develop into material compromises.
Organizations and systems administrators alike should take away clear lessons from both the Absolute Dental incident and the broader targeting of administrator tools. Robust protections require both administrative and technical controls:
Administrative Controls
Technical Controls
For organizations that consume MSP services, these lessons highlight the importance of verifying trust with structured oversight between you and your MSP. For MSPs, they present an opportunity to level up. By studying incidents such as Absolute Dental and drawing from threat intelligence, MSPs can evolve their own practices in the same way we do at CorpInfoTech. Are we perfect? No. Do we regularly learn and adapt our practices? Yes! The differences that matter are often subtle: how tools are validated, how repositories are monitored, and how change control is enforced. Together, they form the foundation of resilience. Whether you are a business that relies on an MSP, or an MSP seeking to strengthen your own maturity, the takeaway is the same: learn from real-world events, refine your safeguards, and treat trust as something to be continually verified, never assumed.
Question: Whether you are a business consuming MSP services or an MSP delivering them, what more can we do as an industry to ensure that maintenance practices protect rather than expose?